Popular npm packages debug and chalk compromised with crypto-intercepting malware
The popular packages debug and chalk on npm have been compromised with malicious code
Read the full articleYou might also wanna read
npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)
Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, the JavaScript ecosystem faced one of its most disruptive security events to date: a coordinated software supply-chain at
Malicious npm Package js-logger-pack Ships a Multi-Platform WebSocket Stealer
js-logger-pack spent three weeks on npm evolving from a probe into a full infostealer and then a binary dropper. Early versions installed an
Jscrambler npm Hack: The Supply Chain Attack That Targeted Every AI Developer's Machine
The official jscrambler npm package published 5 compromised versions on July 11, 2026, using a preinstall hook to drop a Rust infostealer ta
Injective npm supply chain attack leaks crypto wallet keys
ON July 8, 2026, a supply chain attack targeted the Injective blockchain's npm packages, compromising a trusted developer's account to injec
Compromised AsyncAPI packages on npm deliver malware
A commit to the AsyncAPI generator GitHub repository injected obfuscated JavaScript into four npm packages with a combined weekly download v

Comments
Sign in to join the conversation.
No comments yet. Be the first.