AI 생성 Malware의 GitHub Token 유출로 인한 676건의 npm 패키지 감염 사례
Malware dev tries to steal Claude users' secrets, writes npm slop, leaks own GitHub private token
Malware dev tries to steal Claude users' secrets, writes npm slop, leaks own GitHub private token
From pnpm's Cool Feature to npm's Life jacket: The (somewhat accidental) birth of age-install
npm outdated won't tell you if a package is abandoned — so I built `stale-deps`