maintainer-account-takeover
Safeguard articles tagged "maintainer-account-takeover" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Anatomy of a self-propagating npm worm
In September 2025, one phished maintainer account led to malicious chalk and debug releases hitting over 2B weekly downloads within two hours.
The 'ctx' PyPI Package Hijack via Expired Maintainer Domain
In 2022, attackers bought an expired domain, reset a PyPI maintainer's email, and hijacked the ctx package to steal environment variables from unsuspecting installs.
The coa and rc npm Maintainer Account Hijack Incident
How the coa and rc npm hijack let attackers seize maintainer accounts on two packages with 20M+ weekly downloads to push Windows password-stealing malware.
Compromised maintainer accounts on npm
Recent npm maintainer account takeovers show how a single stolen credential can compromise billions of downloads. Here's the anatomy of the threat—and the defense.
How Package Takeover via Maintainer Account Compromise Ac...
Attackers don't hack npm's servers — they phish or socially engineer maintainers. Here's how account takeover turns trusted packages into malware.