MAL-2026-10076: Malicious code in ts-eslint-jest (npm)
The npm package ts-eslint-jest version 1.0.0 is a malicious typosquatting package that masquerades as a legitimate TypeScript/ESLint/Jest helper. It contains a script (lib/collect.js) that executes…
Read the full articleYou might also wanna read

What is typosquatting and how typosquatting attacks are responsible for malicious modules in npm
Typosquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence
A newly discovered malware campaign is targeting Windows systems through a deceptive package on the npm registry. Disguised as a legitimate
cybersecuritynews.com·15d agoSecurity Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that

Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware
Urgent warning: Maintainers of popular npm packages like ESLint Prettier Plugin were attacked via an npm supply chain malware incident. Lear
How to effectively detect and mitigate Trojan Source attacks in JavaScript codebases with ESLint
Learn how to detect and prevent the Trojan Source vulnerability in your JavaScript ecosystem. This attack relies on reviewers confusing the

Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
Meta description: Malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published via a compromised maintainer account, injec

Comments
Sign in to join the conversation.
No comments yet. Be the first.