Tag: node ipc

2 articles

Developer installing software on laptop at cluttered desk with subtle signs of malware in the background.

Node-ipc Package Infected with Credential-Stealing Malware

A malicious update to the widely-used node-ipc library has infected thousands of projects with credential-stealing malware, posing a significant supply-chain risk for developer environments and CI systems. With over 690,000 weekly downloads, this single compromised library could be exfiltrating sensitive data from countless unsuspecting users.

Analyst 207May 15, 2026

Dimly lit software development workspace with cluttered desk and turned-off laptop and monitor.

Malicious Node-IPC Versions Expose Developer Secrets to Stealer Backdoor

Three versions of the popular Node IPC package have been compromised with a stealthy backdoor that can steal sensitive developer secrets, sparking urgent concerns about supply-chain security. The malicious versions, published under a fake account, contain heavily obfuscated code that springs into action when the package is loaded at runtime.

Analyst 207May 14, 2026