Topic: npm packages compromise

Sort by: Relevance | Date

June 9, 2025
90%

Malware Discovered in Popular NPM Packages with 1M+ Weekly Downloads

A widespread supply chain attack compromised 17 popular NPM packages, injecting malicious code that acts as a remote access trojan, with over one million weekly downloads affected. The malicious payload, hidden in obfuscated code, can execute arbitrary commands, manipulate files, and hijack Windo...
Read More »