12 matches found
EUVD-2025-179788
Malicious code in chalk-asteroid-await-prettier-stylelint npm...
EUVD-2025-179785
Malicious code in chalk-mira-procyon-schema npm...
EUVD-2025-113668
Malicious code in fetch-event-cosmiconfig-chalk npm...
EUVD-2025-115466
Malicious code in chalk-gulp-helmet-andromeda npm...
EUVD-2025-115467
Malicious code in chalk-gemini-nconf-cz-conventional-changelog npm...
EUVD-2025-112134
Malicious code in json-passport-eslint-config-chalk npm...
When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack
On September 8, 2025, attackers compromised a set of 18 widely used npm packages—including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...
Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond
A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the 2-hour exposure with Wiz telemetry (99% package prevalence, 10% malware presence), and unpacking what made it spread so fast...
Malicious code in chalk (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 985b6546ed08c8482326a4819faec318c27c1f6d7518acdf384d5f5a8c1453aa Any computer that has this package installed or running should be considered fully compromised. All...
npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…
MAL-2025-8626 Malicious code in @malware-test-esnes-otary-calla-chalk/test-mlw3-esnes-otary-calla-chalk (npm)
The package @malware-test-esnes-otary-calla-chalk/test-mlw3-esnes-otary-calla-chalk was found to contain malicious code...
MAL-2024-11215 Malicious code in crypto-chalk (npm)
This package is a starjacking attack which bundles a cryptostealing payload. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8183583924c5f6f8fc0ab3f242d354d5ee91cf77816175d98f546ef2e631f8e Any computer that has this package installed or running should be considered...