Technology ❯ Software Development ❯ Package Management

NPM

Malicious Packages Dependency Management Security Vulnerabilities Malicious Code @ctrl/tinycolor

Self-Publishing 'IndonesianFoods' Worm Floods npm With More Than 100,000 Spam Packages

The campaign exploits a manual-execution script to bypass common npm security checks.

Researchers Uncover 'PhantomRaven' Campaign Flooding npm With 126 Credential-Stealing Packages

Shai-Hulud Worm Infects 187 npm Packages, Steals Secrets and Self‑Replicates via Stolen Tokens

Phished npm Maintainer’s Packages Used in Crypto-Clipping Attack as Rapid Takedown Limits Damage

Malicious npm Packages Tap Ethereum Smart Contracts for Stealthy C2