4 matches found
When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack
On September 8, 2025, attackers compromised a set of 18 widely used npm packages —including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...
Malicious code in ansi-styles (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f82dc187071d265457effc48cb50c7ac209143e5da1a502a633a1c35b88aac67 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-46967 Malicious code in ansi-styles (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f82dc187071d265457effc48cb50c7ac209143e5da1a502a633a1c35b88aac67 Any computer that has this package installed or running should be considered fully compromised. All...
npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…...