EUVD-2025-179788

Malicious code in chalk-asteroid-await-prettier-stylelint npm...

EUVD-2025-179785

Malicious code in chalk-mira-procyon-schema npm...

EUVD-2025-113668

Malicious code in fetch-event-cosmiconfig-chalk npm...

EUVD-2025-112134

Malicious code in json-passport-eslint-config-chalk npm...

EUVD-2025-115466

Malicious code in chalk-gulp-helmet-andromeda npm...

EUVD-2025-115467

Malicious code in chalk-gemini-nconf-cz-conventional-changelog npm...

When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack

On September 8, 2025, attackers compromised a set of 18 widely used npm packages —including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...

Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond

A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the 2-hour exposure with Wiz telemetry 99% package prevalence, 10% malware presence, and unpacking what made it spread so fast...

npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack

Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…...