The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)
By Unit 42
Source: unit42.paloaltonetworks.com

You might also wanna read
npm to Implement Staged Publishing as Security Response to Supply Chain Attacks
npm is implementing staged publishing as a security response to supply chain attacks, particularly the Shai-Hulud campaign that exposed vuln
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
Microsoft identified an active supply chain attack (Mini Shai-Hulud campaign) targeting the npm package ecosystem. On May 28, 2026, a threat
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published
GitLab Identifies Large-Scale npm Supply Chain Attack with Destructive Malware
GitLab's security researchers have uncovered a large-scale supply chain attack in the npm ecosystem involving a destructive malware variant
Supply Chain Attack Wave Targets npm Packages and Go Ecosystem via Mini Shai-Hulud Malware Family
Socket Threat Research is tracking a new supply chain attack wave linked to the Mini Shai-Hulud, Miasma, and Hades malware family. The campa
September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack
