Malicious NPM Package Gets Downloaded 50K Times Before Discovery
DevOps.com
by Mike VizardFebruary 26, 2026
A malicious package downloaded approximately 50,000 times from a node package manager (npm) is providing an object lesson for adopting more DevSecOps best practices. Security researchers from Tenable discovered a “ambar-src” package that was first published Feb. 13 and then updated again before being discovered. It is aimed at developers building JavaScript applications on Windows, […]
Verticals
devopstech
Originally published on DevOps.com on 2/26/2026