GigaTap articles tagged npm.
- Postinstall payloads in npm supply chains and Mastra breach - Mastra npm packages were compromised through a postinstall hook that executed during install, exposing CI/CD pipelines and developer environments to remote
- Developer Credentials Become the Supply-Chain Target - IronWorm reportedly targets developers, steals credentials, and reuses trust relationships to move through the software supply chain.
- Dependency Confusion Still Works — and Attackers Know It - A malicious npm campaign used dependency confusion to profile developer and build environments, highlighting persistent supply-chain weaknesses.
- Red Hat npm supply‑chain breach: credential‑stealing malware - Over 30 Red Hat npm packages were compromised in a supply‑chain attack distributing credential‑stealing malware with operational impact for security teams.
- npm worms are now a CI/CD trust problem - Unit 42’s updated report shows npm attacks shifting from typosquats to self-propagating campaigns that abuse tokens, package publishing, and CI/CD workflow
- Preinstall persistence shows where provenance breaks - Microsoft’s Red Hat npm Miasma report shows how trusted publishing can still deliver poisoned packages when the CI/CD path is compromised.
- TeamPCP shows why trusted packages are not safe by default - A reported TeamPCP wave hit VS Code, PyPI, and npm paths in the same week. The common failure was trust: verified publishers, official packages, and auto-u
- Miasma Exposes a Blind Spot in Supply Chain Trust - The Miasma campaign used legitimate publishing infrastructure to distribute malicious npm packages, exposing the limits of provenance alone as a software s
- Miasma Turns npm Packages Into a Supply-Chain Worm - The Miasma campaign reportedly compromised Red Hat-related npm packages, targeting developer credentials, CI/CD systems, and cloud identities for further p
- Red Hat npm backdoor shows the registry trust gap - ReversingLabs found 31 Red Hat-scoped npm packages backdoored in a 72-second burst. The key issue is package registry access, not just source code trust.
- Malicious npm package went after Claude workspace files - A reported npm package used install-time execution to upload files from Claude’s local user-data directory to GitHub, showing how AI workspaces are becomin
- AntV npm compromise: why trusted packages still broke - A compromised npm maintainer account pushed malicious AntV-linked package versions that stole credentials through install hooks. The key lesson is not just
- TeamPCP Turns Trusted Developer Channels Into Attack Paths - SANS reports TeamPCP activity across VS Code, PyPI, and npm, including a GitHub internal breach path, trojanized Microsoft SDK versions, and a large @antv
- TrapDoor turns developer tools into credential traps - A cross-ecosystem campaign is abusing npm, PyPI, and Crates.io packages to steal developer secrets, with a newer twist: AI assistant instruction files as p
- TrapDoor Shows How Package Malware Hunts Developer Secrets - Socket reports an active cross-registry campaign using npm, PyPI, and Crates.io packages to steal wallets, tokens, SSH keys, cloud credentials, and develop
- Mini Shai-Hulud hits npm and CI trust paths - A fresh Mini Shai-Hulud campaign compromised npm packages, GitHub Actions, and PyPI entries, turning maintainer trust and CI secrets into the attack surfac
- Shai-Hulud Shows the Weak Link: Maintainer Trust - Sonatype says a new npm compromise wave abused trusted maintainer access and install-time hooks. The risk is not just bad packages, but stolen CI/CD secret
- Compromised npm packages put CI/CD secrets at risk - Microsoft says malicious @antv npm packages targeted GitHub Actions and cloud credentials through install-time execution.
- AntV npm packages hit by maintainer account compromise - Snyk reports 300+ malicious package versions across the AntV ecosystem. The useful question is whether your builds installed them and what secrets were exp
- TeamPCP Hits the Build Chain Again - SANS ISC reports a confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI.
- node-ipc on npm was tampered with — credentials were the target - A reported compromise of the popular `node-ipc` package turned a routine npm dependency into a credential-theft risk. Here is what is known, what is not, a
- SAP npm packages hit by Bun-based stealer - Snyk reports malicious SAP CAP npm releases with a Bun-based credential stealer and worm-capable npm propagation code. Observed spread was limited, but the
- node-ipc compromise puts npm trust back under stress - Socket says malicious `node-ipc` versions show obfuscated stealer/backdoor behavior. Developers should audit recent installs, block affected versions, and
- Node-ipc compromise turns installs into credential theft risk - Three malicious node-ipc versions reportedly targeted cloud secrets, SSH keys, Kubernetes configs, CI variables, and AI API keys. Treat affected installs a
- TanStack package breach shows the limits of trusted publishing - Socket says 84 TanStack npm artifacts were published in compromised form. The bigger lesson is structural: if attackers can run inside CI, OIDC and provena
- When a Worm Hits npm, Scripts Become the Blast Radius - A reported npm worm targeting SAP-related packages shows why blocking install-time scripts and enforcing dependency controls can stop downstream fallout.
- pnpm 11 turns on default supply-chain protections - pnpm 11 makes safer installs the default with a 24-hour release delay, blocked exotic subdependencies, and clearer build-script controls.