Yet another malicious package found in npm, targeting cryptocurrency wallets
Source
You might also wanna read
DuckDB npm packages 1.3.3 and 1.29.2 compromised with cryptocurrency-targeting malware
The DuckDB npm packages (duckdb, @duckdb/node-api, @duckdb/node-bindings, and duckdb-async) were compromised with malware in versions 1.3.3
Popular npm packages debug and chalk compromised with crypto-intercepting malware
Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle
aikido.dev·10mo ago
September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack
Crates.io Targeted by Phishing Attempt Following npm Supply Chain Attack
The article discusses a phishing attempt targeting crates.io, the main public repository for Rust packages, following a recent npm supply ch
NPM supply chain attack compromises popular packages, posing widespread security risk
A significant supply chain attack on the NPM package ecosystem compromised several popular packages, potentially allowing malicious code to
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi

Comments
Sign in to join the conversation.
No comments yet. Be the first.