Skip to main content

Tag: npmpackages

5 articles

Self-Replicating Worm Compromises 180+ Software Packages

Self-Replicating Worm Compromises 180+ Software Packages

What if the package you just installed quietly handed an attacker your API keys? Researchers found a self‑replicating worm in 187 npm packages that harvests secrets during install, posts them to a public GitHub repo, and uses each new install to spread and pivot into other projects.

Analyst 207
Self-Replicating Worm Infiltrates 180+ Software Packages

Self-Replicating Worm Infiltrates 180+ Software Packages

The packages you trust might be betraying you: researchers found a self‑replicating worm in 187+ NPM modules that steals developer tokens, posts them publicly, and uses those leaked credentials to replicate—turning routine installs into a spreading infection.

Analyst 207
18 Popular Code Packages Rigged to Steal Crypto

18 Popular Code Packages Rigged to Steal Crypto

Think your dependencies are safe? Eighteen popular packages were secretly rigged to siphon crypto—here’s how to spot, avoid, and clean up these sneaky supply‑chain attacks.

Analyst 207
npm packages Must-Have Defense Against Risky Attacks

npm packages Must-Have Defense Against Risky Attacks

Attackers briefly pushed trojanized npm releases that spread fast through the cloud, mined only pennies, and left security teams scrambling to contain and remediate. It’s a wake‑up call: package convenience comes with real supply‑chain risk, so tighten controls, pin dependencies, and treat dependencies as first‑class security assets.

Analyst 207
crypto phishing Shocking Supply-Chain Nightmare

crypto phishing Shocking Supply-Chain Nightmare

One phishing click that reset a maintainer’s 2FA let attackers slip backdoors into at least 18 popular npm packages — including debug and chalk — turning trusted libraries into supply-chain landmines. It’s a wake-up call: human error can ripple through the entire ecosystem, so stronger authentication, multi-person publishing, and tighter dependency hygiene can’t wait.

Analyst 207