Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System
Deep dive into binding.gyp, the often overlooked npm build file that can execute malicious code at install time through shell expansions, sandbox escapes, and compiler hijacking. Category…
Read the full articleYou might also wanna read

Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp
A new npm worm is abusing binding.gyp to trigger node-gyp during install, letting malicious packages run code without lifecycle scripts. It

Targeted npm dependency confusion attack caught red-handed
Once in a while we encounter a truly malicious package that has a purpose, means, and is production-ready — this is a story about one found
Why npm lockfiles can be a security blindspot for injecting malicious modules
In this post, we show you how easy it is to introduce back doors that are easily missed by project owners… leaving your code insecure.
MAL-2026-7022: Malicious code in tslint-conf (npm)
The npm package 'tslint-conf' version 7.2.1 is a malicious package masquerading as the 'pino' logger. It exports middleware that, when invok
MAL-2026-10079: Malicious code in vybscan-testbed-obfuscated-postinstall (npm)
The npm package vybscan-testbed-obfuscated-postinstall version 1.0.0 contains a postinstall lifecycle script that executes obfuscated code d
nx Build System Compromised Targeting Linux and MacOS developers
The popular npm package `nx` was compromised, targeting Linux and macOS developers. Malicious versions included a postinstall script that st

Comments
Sign in to join the conversation.
No comments yet. Be the first.