npm malware attack

Popular NPM ‘is’ Package Infects 2.8M Weekly Users with Malware

July 25, 2025

A widely-used NPM package called 'is' was compromised in a supply chain attack, distributing malware-infected versions (3.3.1 to 5.0.0) with…

Malware Discovered in Popular NPM Packages with 1M+ Weekly Downloads

June 9, 2025

A widespread supply chain attack compromised 17 popular NPM packages, injecting malicious code that acts as a remote access trojan,…