Tag: npm ecosystem
3 articles

Mini Shai-Hulud Campaign Targets npm Ecosystem with Malicious AntV Packages
A large-scale attack has infected hundreds of popular npm packages, including widely-used data visualization and React components, with malicious updates, putting a vast number of projects and applications at risk. The attackers published 639 malicious versions across 323 unique packages in a fast-moving supply chain operation.

npm Ecosystem Faces Rising Threat from Sophisticated Malware Campaigns
The npm ecosystem's security has reached a critical turning point, with sophisticated malware campaigns on the rise and a new baseline of threats emerging since September 2025. Malicious actors are now exploiting developer trust, transforming nuisance attacks into high-consequence supply-chain threats.

npm Ecosystem Targets New Supply-Chain Attack to Steal Auth Tokens
Researchers have uncovered a sneaky supply-chain worm that can hijack auth tokens and spread malware through the npm ecosystem, putting countless packages at risk. This stealthy threat can inject itself into every package it can publish, creating a ripple effect of compromised code.