MAL-2026-10047: Malicious code in chai-as-staged (npm)
The npm package 'chai-as-staged' version 6.0.4 is a malicious package impersonating the popular 'chai-as-promised' testing library. It contains obfuscated code that, when used as documented, triggers…
Read the full articleYou might also wanna read
npm to Implement Staged Publishing as Security Response to Supply Chain Attacks
The planned feature introduces a review step before releases go live, following the Shai-Hulud attacks and a rocky migration off classic tok
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Popular npm packages debug and chalk compromised with crypto-intercepting malware
The popular packages debug and chalk on npm have been compromised with malicious code
aikido.dev·10mo agoAI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
A compromised npm maintainer account triggered an automated burst of over 300 malicious package versions across 323 packages in the AntV dat
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that

Comments
Sign in to join the conversation.
No comments yet. Be the first.