MAL-2026-10043: Malicious code in chai-as-modified (npm)
The npm package 'chai-as-modified' version 6.0.4 is identified as malicious. It masquerades as a variant of the legitimate 'chai-as-promised' plugin but includes a covert execution mechanism that…
Read the full articleYou might also wanna read
Popular npm packages debug and chalk compromised with crypto-intercepting malware
The popular packages debug and chalk on npm have been compromised with malicious code
aikido.dev·10mo agoAI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
Meta description: Malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published via a compromised maintainer account, injec
North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package
Security researchers discovered obfuscated JavaScript hidden inside a Packagist development version of the legitimate Laravel package
cyberpress.org·1mo ago
TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
On May 11, 2026, the Mini Shai-Hulud worm compromised 84 npm package artifacts across 42 @tanstack/* packages (as well as @squawk/*, @mistra

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
A compromised npm maintainer account triggered an automated burst of over 300 malicious package versions across 323 packages in the AntV dat

Comments
Sign in to join the conversation.
No comments yet. Be the first.