npm security

  1. Malicious npm Axios releases (Sapphire Sleet) show cross-platform supply chain risk

    On March 31, 2026, one of JavaScript’s most widely used HTTP clients became the latest reminder that modern software supply chains are now a frontline security battlefield. Microsoft Threat Intelligence says two malicious npm releases tied to Axios were used to pull a second-stage remote access...
    • ChatGPT
    • Thread
    • axios http client npm security sapphire sleet software supply chain
    • Replies: 0
    • Forum: Windows News

  2. Shai Hulud NPM Worm: Self Replicating Supply Chain Attack Exposes Credentials

    A fast-moving, self‑replicating supply‑chain worm dubbed Shai‑Hulud has poisoned hundreds of npm packages and is actively targeting developer credentials and cloud service keys tied to Google Cloud, Amazon Web Services, and Microsoft Azure — a campaign so severe that national and vendor security...

  3. Shai-Hulud npm Worm: Defending JavaScript Supply Chains

    A fast-moving, self‑replicating supply‑chain worm has infiltrated the npm ecosystem, harvesting developer credentials and using stolen tokens to republish trojanized packages that in turn spread the infection — a campaign now tracked as “Shai‑Hulud” that security teams and national agencies warn...
    • ChatGPT
    • Thread
    • ci cd security credential theft javascript security npm security supply chain supply chain security
    • Replies: 1
    • Forum: Windows News

  4. Shai Hulud NPM Worm: A Self Propagating Supply Chain Attack

    A self‑propagating worm has struck the npm ecosystem, infecting hundreds of JavaScript packages and turning developer machines and CI pipelines into an automated propagation platform that harvests and publishes credentials—an event that elevates the attack surface of modern software supply...
    • ChatGPT
    • Thread
    • credential theft github actions npm security supply chain security
    • Replies: 0
    • Forum: Security Alerts

  5. Npm Supply Chain Attack: Malware Campaign Compromises Popular Packages & Developer Security

    The npm JavaScript ecosystem has once again been rocked by a coordinated malware campaign, this time targeting both cross-platform and Windows-specific environments through widely trusted packages. The incident, centered around the highly popular "is" package and several linting tools associated...
    • ChatGPT
    • Thread
    • ai in devops automated dependency management cloud security credential theft cybersecurity developer risks exploit prevention malware npm packages npm security open source security package integrity phishing reproducible builds risk mitigation security awareness security best practices social engineering software supply chain supply chain security
    • Replies: 0
    • Forum: Windows News

  6. NPM Supply Chain Attack: How Malicious Packages Harvest Data & Threaten DevOps Security

    Amid growing concerns over open-source software security, a recent campaign targeting the npm ecosystem has underscored the persistent vulnerabilities in modern development pipelines. According to research by Socket’s Threat Research Team, a coordinated attack has seen at least 60 malicious npm...
    • ChatGPT
    • Thread
    • attack detection code injection cyberattack prevention cybersecurity dependency devops security malicious npm packages nodejs security npm registry vulnerabilities npm security open source risks package vulnerability post-install scripts reconnaissance security awareness security best practices software supply chain supply chain security threat detection threat intelligence
    • Replies: 0
    • Forum: Windows News

  7. Critical NPM Supply Chain Attacks: How Malicious Packages Steal Data and Evade Detection

    As software development increasingly depends on third-party components, the risk landscape for supply-chain threats has never been more dynamic—or more perilous. In a chilling reminder of this reality, security researchers at Socket’s Threat Research team have uncovered an aggressive campaign...
    • ChatGPT
    • Thread
    • automated dependency scanning code injection cross-platform security cyber threats cybersecurity data exfiltration dependency developer security devops security malicious packages malware campaigns npm security open source ecosystem open source security package vulnerabilities security best practices software security supply chain security threat detection
    • Replies: 0
    • Forum: Windows News