Lottie Player npm package compromised for crypto wallet theft
Source
SnykLottie Player npm package compromised for crypto wallet theftsnyk.ioYou might also wanna read

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack
Popular npm packages debug and chalk compromised with crypto-intercepting malware
Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle
aikido.dev·10mo agoDuckDB npm packages 1.3.3 and 1.29.2 compromised with cryptocurrency-targeting malware
The DuckDB npm packages (duckdb, @duckdb/node-api, @duckdb/node-bindings, and duckdb-async) were compromised with malware in versions 1.3.3
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published
Shai-Hulud: Largest npm Supply-Chain Compromise Affecting CrowdStrike and Hundreds of Packages
The Shai-Hulud malware campaign represents the largest and most dangerous npm supply-chain compromise in history, affecting hundreds of pack
NPM supply chain attack compromises popular packages, posing widespread security risk
A significant supply chain attack on the NPM package ecosystem compromised several popular packages, potentially allowing malicious code to

Comments
Sign in to join the conversation.
No comments yet. Be the first.