Abusing Npm Postinstall Scripts

Media Summary: From the "JS Party" podcast. More Subscribe for more! Apple: Spotify: ... In this Modern Web Podcast, Rob Ocel and Danny Thompson break down the recent string of Get 20% off Mobbin Pro to make your apps not ugly - Yesterday,

Abusing Npm Postinstall Scripts - Detailed Analysis & Overview

From the "JS Party" podcast. More Subscribe for more! Apple: Spotify: ... In this Modern Web Podcast, Rob Ocel and Danny Thompson break down the recent string of Get 20% off Mobbin Pro to make your apps not ugly - Yesterday, In today's Cybersecurity Daily, we break down the biggest threats shaping April 2026. A coordinated Get a GitNation Multipass, attend 8+ remote JavaScript conferences & watch tens of pro talks and workshops from our past events: ... npm ignore-scripts bypass using git vulnerability

On the night of March 30th, 2026 — while most developers were asleep — attackers quietly weaponized one of the most ...

Photo Gallery

Abusing NPM Postinstall Scripts

Why npm's postinstall script is a dangerous ANTI-PATTERN

How NPM Auto-Updates & Post-Install Scripts Could Hijack Your Org

Your npm install Is Lying To You About What's Already Inside

npm installs can hack your laptop (Here's how to stop it)

The largest supply-chain attack ever…

Weaponizing human trust to bypass security

You Ran npm install… And Got Hacked

Analysis of an exploited npm package – Jarrod Overson

npm ignore-scripts bypass using git vulnerability

They Hid Malware in a Package You Install Every Day…

GitHub to Disable Default npm Install Scripts in Version 12

View Detailed Profile

Abusing NPM Postinstall Scripts

Abusing NPM Postinstall Scripts

This video explains what an

Why npm's postinstall script is a dangerous ANTI-PATTERN

Why npm's postinstall script is a dangerous ANTI-PATTERN

From the "JS Party" podcast. More https://jsparty.fm/178 Subscribe for more! Apple: https://jsparty.fm/apple Spotify: ...

How NPM Auto-Updates & Post-Install Scripts Could Hijack Your Org

How NPM Auto-Updates & Post-Install Scripts Could Hijack Your Org

In this Modern Web Podcast, Rob Ocel and Danny Thompson break down the recent string of

Your npm install Is Lying To You About What's Already Inside

Your npm install Is Lying To You About What's Already Inside

A self-replicating

npm installs can hack your laptop (Here's how to stop it)

npm installs can hack your laptop (Here's how to stop it)

npm

The largest supply-chain attack ever…

The largest supply-chain attack ever…

Get 20% off Mobbin Pro to make your apps not ugly - https://mobbin.com/fireship Yesterday,

Weaponizing human trust to bypass security

Weaponizing human trust to bypass security

In today's Cybersecurity Daily, we break down the biggest threats shaping April 2026. A coordinated

You Ran npm install… And Got Hacked

You Ran npm install… And Got Hacked

cybersecurity #

Analysis of an exploited npm package – Jarrod Overson

Analysis of an exploited npm package – Jarrod Overson

Get a GitNation Multipass, attend 8+ remote JavaScript conferences & watch tens of pro talks and workshops from our past events: ...

npm ignore-scripts bypass using git vulnerability

npm ignore-scripts bypass using git vulnerability

npm ignore-scripts bypass using git vulnerability

They Hid Malware in a Package You Install Every Day…

They Hid Malware in a Package You Install Every Day…

On the night of March 30th, 2026 — while most developers were asleep — attackers quietly weaponized one of the most ...

GitHub to Disable Default npm Install Scripts in Version 12

GitHub to Disable Default npm Install Scripts in Version 12

Significant security updates coming to

Day 30 – NPM Under Siege ⚠️ | Supply Chain Attacks & Malicious Packages Explained

Day 30 – NPM Under Siege ⚠️ | Supply Chain Attacks & Malicious Packages Explained

Malicious