Skip to main content

Tag: npm ecosystem

3 articles

Software development workspace with a computer screen displaying a blurred graph, surrounded by cables and development tools.

Mini Shai-Hulud Campaign Targets npm Ecosystem with Malicious AntV Packages

A large-scale attack has infected hundreds of popular npm packages, including widely-used data visualization and React components, with malicious updates, putting a vast number of projects and applications at risk. The attackers published 639 malicious versions across 323 unique packages in a fast-moving supply chain operation.

Analyst 207
Cluttered developer workstation with laptop, notes, and coffee cups, blurred cityscape in background.

npm Ecosystem Faces Rising Threat from Sophisticated Malware Campaigns

The npm ecosystem's security has reached a critical turning point, with sophisticated malware campaigns on the rise and a new baseline of threats emerging since September 2025. Malicious actors are now exploiting developer trust, transforming nuisance attacks into high-consequence supply-chain threats.

Analyst 207
Dimly lit coding environment with multiple screens and laptops, notes, and diagrams, showing signs of disarray.

npm Ecosystem Targets New Supply-Chain Attack to Steal Auth Tokens

Researchers have uncovered a sneaky supply-chain worm that can hijack auth tokens and spread malware through the npm ecosystem, putting countless packages at risk. This stealthy threat can inject itself into every package it can publish, creating a ripple effect of compromised code.

Analyst 207