Node Package Manager
Coverage of Node Package Manager in the Nexus archive.
- New IronWorm malware hits 36 packages in npm supply-chain attack
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm.
- New Shai-Hulud malware wave compromises 600 npm packages
Threat actors published over 600 malicious packages to the Node Package Manager index as part of a new Shai-Hulud supply-chain campaign, compromising 600 npm packages. This campaign is a significant attack on the software supply chain. The attack was carried out earlier today.
- Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware has been leaked and is being used in new attacks on the Node Package Manager index, with infected packages emerging over the weekend. This malware is fueling a new npm infostealer campaign. The attacks are targeting the npm index.
- New npm supply-chain attack self-spreads to steal auth tokens
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and self-spreading by publishing malicious packages from compromised accounts. The attack exploits the npm package distribution system to propagate and exfiltrate authentication tokens.