3 matches found
When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack
On September 8, 2025, attackers compromised a set of 18 widely used npm packages —including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...
Malicious code in strip-ansi (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3736bb5cc515b07f47ad6b5bb06c367271994c4b6606f1ddeb91a056788c34c2 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-46980 Malicious code in strip-ansi (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3736bb5cc515b07f47ad6b5bb06c367271994c4b6606f1ddeb91a056788c34c2 Any computer that has this package installed or running should be considered fully compromised. All...