JavaScript Supply-Chain Risk: Malicious npm Package and Package Manager Guardrail Bypasses
Security researchers reported an npm supply-chain compromise involving a malicious package, polymarket-clob, that targeted cryptocurrency users by exfiltrating sensitive local files (including .env, wallets.json, and keys/*.json) to attacker-controlled infrastructure. The package was published in the npm registry, downloaded at least 189 times (lower bound), and later removed and replaced with a security placeholder; analysis of the code and infrastructure pivoting linked the campaign to broader activity consistent with wallet-drainer operations and Vidar stealer-related infrastructure, including reuse of SSH fingerprints and consistent hosting patterns.
Separately, researchers disclosed six JavaScript “zero-day” bypass issues across multiple package managers—npm, pnpm, vlt, and Bun—that undermine common defensive controls used to reduce supply-chain risk, including disabling lifecycle scripts and relying on lockfile integrity. The issues (dubbed “PackageGate”) reportedly enable paths to regain install-time code execution or weaken integrity guarantees via mechanisms such as Git dependency handling, tar extraction behaviors, and incomplete integrity coverage for URL-based tarballs; pnpm, vlt, and Bun were reported as patched, while npm characterized the behavior as “works as expected,” raising concern that package-manager-level weaknesses could enable large-scale compromise even in hardened environments.
Related Stories

Software Supply Chain Threats Targeting Open-Source Ecosystems and Developer Tooling
Open-source software supply chain risk continued to escalate, with reporting citing **454,600+** newly identified malicious packages across major repositories (including **PyPI, npm, Maven Central, NuGet, and Hugging Face**) and tactics ranging from **credential theft** to **multi-stage attacks** and even early **self-replicating** package malware. The activity reportedly concentrated heavily in **npm**, including high-volume “ecosystem flooding” (e.g., single accounts publishing **150,000+** malicious packages in days) and **hijacking of trusted projects**, exploiting developer reliance on superficial trust signals such as package names, READMEs, and download counts. Separately, researchers disclosed **“PackageGate”** vulnerabilities in JavaScript package managers (**npm, pnpm, vlt, and Bun**) that can bypass common post-incident defenses—namely `--ignore-scripts` and lockfile integrity—enabling malicious code execution via compromised dependencies. Koi Security reported six issues; **pnpm, vlt, and Bun** shipped fixes, while **npm** reportedly treated the behavior as expected. In parallel, threat actors abused **GitHub’s fork architecture** to distribute a spoofed *GitHub Desktop* installer promoted via search ads; execution deployed **HijackLoader** and established persistence via a **scheduled task**, underscoring that supply chain threats extend beyond package registries into developer tooling distribution channels.
1 month ago
Software Supply-Chain Attacks Abusing GitHub and npm Dependency Mechanisms
Security researchers reported two distinct software supply-chain abuse paths that can make malicious code appear to originate from trusted sources. GMO Cybersecurity by Ierae described an active campaign dubbed **“repo squatting”** that abuses how GitHub renders and links commits from forks: a commit made in an attacker-controlled fork can be viewed under the upstream project’s URL structure, enabling convincing links like `github.com/<official-org>/<repo>/commit/<hash>` that appear to belong to the official repository. The campaign targeted the *GitHub Desktop* project by distributing a trojanized installer carrying **HijackLoader**, with the malicious download link presented in a way that could mislead users and some security tooling into believing it came from the official repo. Separately, Koi researchers disclosed **PackageGate** weaknesses in JavaScript dependency tooling that allow bypassing npm’s post–**Shai-Hulud** mitigations when installing **Git-based dependencies**. They reported that a malicious `.npmrc` in a Git dependency can override the `git` binary path, enabling **code execution even when lifecycle scripts are disabled** (e.g., `--ignore-scripts=true`), affecting multiple tools (including *pnpm*, *vlt*, *Bun*, and *npm*). Vendors reportedly addressed the issue in the non-npm tools, while npm closed the report as “works as expected,” and researchers cited evidence of prior proof-of-concept abuse (e.g., reverse shell) indicating practical exploitation risk for organizations relying on Git dependencies in CI/CD and developer environments.
1 month ago
npm Supply-Chain Attacks Steal Developer Tokens and Enable Cloud Compromise
Threat actors are using **malicious npm packages** to steal developer credentials and CI/CD secrets, enabling rapid escalation into cloud environments. Google reported that **UNC6426** leveraged keys stolen during the earlier compromise of the *nx* npm ecosystem to pivot from a stolen developer GitHub token into **AWS administrative access within 72 hours**, abusing **GitHub-to-AWS OpenID Connect (OIDC) trust** to create a new admin role. The actor then used that access to **exfiltrate data from AWS S3** and conduct **destructive actions** in production cloud environments; the initial *nx* compromise involved a GitHub Actions `pull_request_target` workflow abuse (“**Pwn Request**”) that enabled publishing trojanized packages containing a `postinstall` chain that executed the **QUIETVAULT** JavaScript credential stealer and uploaded stolen data to a public GitHub repo (`/s1ngularity-repository-1`). Separately, researchers reported new waves of the **PhantomRaven** npm supply-chain campaign distributing **88 additional malicious packages** (via ~50 disposable accounts) that target JavaScript developers by exfiltrating secrets from files like `.gitconfig` and `.npmrc`, environment variables, and CI/CD tokens (e.g., GitHub/GitLab/Jenkins/CircleCI). The campaign uses **slopsquatting** (LLM-suggested lookalike package names) and a stealth technique called **Remote Dynamic Dependencies (RDD)**, where `package.json` pulls a dependency from an external URL so the malicious payload is fetched at install time (`npm install`) and can evade static package inspection; researchers indicated many of these packages remained available in the npm registry at the time of reporting.
5 days ago
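
A defender-side audit for the dependency forms these stories describe: Git dependencies and URL-based tarballs from the PackageGate reporting, and the URL-sourced dependencies PhantomRaven uses as Remote Dynamic Dependencies. This is an added example, not code from the researchers or from any package manager. It assumes the default registry `https://registry.npmjs.org/` and a `package-lock.json` in the v2/v3 `packages` layout; the function names, package names and hosts are hypothetical.

```javascript
const REGISTRY = 'https://registry.npmjs.org/'; // assumption: default public registry

// Classify one package.json dependency spec by where the installer would fetch it from.
function classifySpec(spec) {
  if (/^(file:|\.{0,2}\/|~\/)/.test(spec)) return 'local';
  if (/^(git\+|git:\/\/|(github|gitlab|bitbucket|gist):)/i.test(spec)) return 'git';
  if (/^https?:\/\//i.test(spec)) return 'remote-url'; // tarball fetched at install time
  if (/^[\w.-]+\/[\w.-]+(#.+)?$/.test(spec)) return 'git'; // user/repo shorthand
  return 'registry'; // semver ranges, dist-tags, npm: aliases
}

// List manifest entries that pull code from Git or from an arbitrary URL.
function auditManifest(pkg) {
  const findings = [];
  const fields = ['dependencies', 'devDependencies', 'optionalDependencies'];
  for (const field of fields) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const kind = classifySpec(spec);
      if (kind === 'git' || kind === 'remote-url') findings.push({ field, name, kind });
    }
  }
  return findings;
}

// List lockfile entries that have a non-registry source or carry no integrity hash.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, e] of Object.entries(lock.packages || {})) {
    if (path === '' || e.link || e.inBundle) continue; // root, links, bundled deps
    const reasons = [];
    if (e.resolved && !e.resolved.startsWith(REGISTRY)) reasons.push('non-registry source');
    if (!e.integrity) reasons.push('no integrity hash');
    if (reasons.length) findings.push({ path, reasons });
  }
  return findings;
}

// Constructed sample input; every package name and host here is hypothetical.
const samplePkg = {
  dependencies: { 'some-lib': '^1.3.0', 'ui-kit': 'https://pkgs.example.invalid/ui-kit.tgz' },
  devDependencies: { 'lint-rules': 'acme/lint-rules', 'build-helper': 'git+https://git.example.invalid/acme/bh.git' },
};
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo' },
  'node_modules/some-lib': { resolved: REGISTRY + 'some-lib/-/some-lib-1.3.0.tgz', integrity: 'sha512-CONSTRUCTED' },
  'node_modules/ui-kit': { resolved: 'https://pkgs.example.invalid/ui-kit.tgz' },
} };
console.log(auditManifest(samplePkg), auditLockfile(sampleLock));
```

Run in CI against the real `package.json` and lockfile, a non-empty result marks dependencies that need manual review or pinning before install.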