MAL-2026-7022: Malicious code in tslint-conf (npm)
The npm package 'tslint-conf' version 7.2.1 is a malicious package masquerading as the 'pino' logger. It exports middleware that, when invoked, launches a hidden background process which fetches and…
Read the full articleYou might also wanna read
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that

Visibly invisible malicious Node.js packages: When configuration niche meets invisible characters
A focus on attacks in the Node.js ecosystem via the yarn and npm package managers, examining how configuration abuse and hidden characters c

Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware
Urgent warning: Maintainers of popular npm packages like ESLint Prettier Plugin were attacked via an npm supply chain malware incident. Lear
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Popular npm packages debug and chalk compromised with crypto-intercepting malware
The popular packages debug and chalk on npm have been compromised with malicious code
aikido.dev·10mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.