npm-supply-chain-attack
Safeguard articles tagged "npm-supply-chain-attack" — guides, analysis, and best practices for software supply chain and application security.
6 articles
event-stream npm package backdoor incident
How a routine maintainer handoff let attackers slip a Bitcoin-stealing backdoor into event-stream, hitting millions of npm installs for ten weeks.
ua-parser-js npm hijack incident
In 2021, a hijacked npm account pushed cryptomining and password-stealing malware into ua-parser-js for 4 hours. Here's what happened and how to catch it faster.
ESLint config-prettier maintainer npm account compromise
A phished maintainer account turned eslint-config-prettier and four sibling npm packages into a malicious install-time payload — here's what happened and how to check exposure.
The Shai-Hulud npm Supply Chain Attack Explained
How the Shai-Hulud worm turned compromised npm maintainer tokens into a self-replicating supply chain attack, and how to detect and remediate it.
Shai-Hulud self-propagating npm worm campaign
Inside Shai-Hulud, the self-propagating npm worm that hijacked publish tokens to auto-infect hundreds of packages across the JavaScript ecosystem.
lottie-player npm supply chain compromise
A phishing-driven npm token takeover pushed a crypto wallet drainer into lottie-player, hitting 94K weekly downloads before LottieFiles shipped a fix.