Malicious npm Package Impersonating Popular Express Cookie Parser
A malicious npm package impersonating the popular Express cookie parser package was discovered by SafeDep Cloud malicious package scanning service.
Read the full articleYou might also wanna read
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
MAL-2026-10049: Malicious code in chai-await-dom (npm)
The npm package chai-await-dom version 1.3.7 is a malicious package impersonating a pino-style logger API. Its middleware spawns a detached

Targeted npm dependency confusion attack caught red-handed
Once in a while we encounter a truly malicious package that has a purpose, means, and is production-ready — this is a story about one found
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that
Attacker publishes 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A single npm user published 14 malicious packages impersonating OpenSearch/Elasticsearch libraries to steal AWS, Vault, and CI/CD secrets.
MAL-2026-10041: Malicious code in chai-as-buffered (npm)
The npm package chai-as-buffered version 3.7.24 is a malicious typosquatting package impersonating chai-as-promised and the pino logger. It

Comments
Sign in to join the conversation.
No comments yet. Be the first.