Shyngys Shynbolatov in blockhacks.hashnode.dev · Dec 6, 2025 · 20 min read
How Hackers Use NPMSCan.com to Hack Web Apps
npm is the largest supply chain in the world. Modern JavaScript apps — Next.js, Nuxt.js, React, Bun — rely on hundreds of dependencies maintained by strangers. Most developers install packages blindly. Hackers do the opposite: they profile, inspect, an...

Shyngys Shynbolatov in blockhacks.hashnode.dev · Nov 26, 2025 · 5 min read
How NPMscan Helps You Catch npm Malware Before It Lands in Your Project
Every modern JavaScript project relies on third-party packages. But in 2025, the npm ecosystem has become an attack surface of its own: hijacked maintainers, malicious patch releases, typosquatting attempts, crypto drainers hidden inside “utility” pa...