Malicious npm Packages Spread Through `binding.gyp` Across Popular JavaScript Libraries
Security researchers reported a renewed npm supply-chain campaign affecting a wide range of JavaScript and TypeScript packages, with malicious versions published across families including autotel, awaitly, executable-stories, node-env-resolver, AI SDK components, telemetry libraries, and ESLint-related tooling. StepSecurity described the activity as a binding.gyp-based attack that spreads "like a worm," while OX Security linked the activity to the returning Miasma campaign and said the affected packages collectively account for roughly 647,000 monthly downloads.
The published notices focus on package exposure rather than a CVE-style vulnerability disclosure, listing compromised package names and exact version numbers as the primary indicators of risk. Across both reports, the incident is characterized as a software supply-chain compromise in the npm ecosystem, with no confirmed threat actor attribution, malware family details beyond the Miasma label, or technical exploit chain disclosed in the available summaries.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
OX Security reports npm supply chain attack affecting 647K monthly downloads
OX Security published a notice describing the return of the "Miasma" npm supply chain attack and listed affected package families and versions, stating that about 647,000 monthly downloads were at risk.
StepSecurity publishes notice on malicious npm package versions
StepSecurity published a security notice identifying numerous malicious versions across a broad set of npm packages, describing a software supply chain compromise affecting multiple namespaces and tooling categories.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Miasma is Back on npm: 647K Monthly Downloads at Risk
ox.security
Open sourceMiasma is Back on npm: 647K Monthly Downloads at Risk
ox.security
Open sourcebinding.gyp: An npm Supply Chain Attack That Spreads Like a Worm - StepSecurity
stepsecurity.io
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Malicious NPM Packages Targeting the JavaScript Supply Chain
A large-scale attack on the NPM (Node Package Manager) ecosystem has been uncovered, involving the publication of over 64,000 malicious packages by a coordinated group known as the IndonesianFoods worm. This campaign, active for more than two years, leveraged at least seven newly created NPM user accounts to distribute the malicious packages, which are notable for their consistent naming patterns and unusual internal dictionary. The attackers focused on creating new packages rather than stealing credentials, and the scale of the operation more than doubles the previously known number of malicious NPM packages. Security researchers have made available a comprehensive list of the affected packages and user accounts for further analysis. In a separate but related incident, researchers identified a highly popular fake NPM package, "@acitons/artifact," which was downloaded over 206,000 times. This package used a typosquatting technique to mimic the legitimate GitHub Actions Toolkit and was designed to steal GitHub credentials by executing a malicious post-install script. The attack highlights the growing threat of software supply chain compromises, with the malicious package aiming to exfiltrate tokens from build environments and potentially publish further malicious artifacts. Both incidents underscore the increasing sophistication and scale of supply chain attacks targeting the JavaScript development community.
Mar 21, 2026
Software Supply Chain Threats Targeting Open-Source Ecosystems and Developer Tooling
Open-source software supply chain risk continued to escalate, with reporting citing **454,600+** newly identified malicious packages across major repositories (including **PyPI, npm, Maven Central, NuGet, and Hugging Face**) and tactics ranging from **credential theft** to **multi-stage attacks** and even early **self-replicating** package malware. The activity reportedly concentrated heavily in **npm**, including high-volume “ecosystem flooding” (e.g., single accounts publishing **150,000+** malicious packages in days) and **hijacking of trusted projects**, exploiting developer reliance on superficial trust signals such as package names, READMEs, and download counts. Separately, researchers disclosed **“PackageGate”** vulnerabilities in JavaScript package managers (**npm, pnpm, vlt, and Bun**) that can bypass common post-incident defenses—namely `--ignore-scripts` and lockfile integrity—enabling malicious code execution via compromised dependencies. Koi Security reported six issues; **pnpm, vlt, and Bun** shipped fixes, while **npm** reportedly treated the behavior as expected. In parallel, threat actors abused **GitHub’s fork architecture** to distribute a spoofed *GitHub Desktop* installer promoted via search ads; execution deployed **HijackLoader** and established persistence via a **scheduled task**, underscoring that supply chain threats extend beyond package registries into developer tooling distribution channels.
Mar 21, 2026
Malicious open-source packages and developer-targeted supply chain attacks
Security researchers reported multiple **software supply chain** threats targeting developers via public package ecosystems. Tenable analyzed a malicious npm package, **`ambar-src`**, that reached roughly **50,000 downloads** in days before removal; it executed during installation via **malicious `preinstall` behavior**, used evasion techniques, and dropped OS-specific payloads for Windows, Linux, and macOS, with typosquatting assessed as the likely lure (mimicking *`ember-source`*). Separate reporting described a campaign using **malicious NuGet packages** (e.g., **NCryptYo**, **DOMOAuth2_**, **IRAOAuth2.0**, **SimpleWriter_**) that impersonated legitimate .NET libraries, executed code on assembly load, and established local proxying/backdoor behavior to facilitate credential theft and persistence in ASP.NET environments. Additional coverage warned of an npm “worm-like” propagation pattern impacting **CI pipelines and AI coding tools**, reinforcing that developer tooling and build systems are high-risk choke points where a single poisoned dependency can spread quickly across environments. While the broader set of articles also included unrelated breach, ransomware, and policy items, the developer-focused supply chain reporting consistently emphasized that **installation-time execution** and **typosquatting/impersonation** enable compromise even when developers never directly call the malicious code, and that traditional detection can lag (e.g., low initial antivirus detection rates for obfuscated .NET payloads).
Mar 21, 2026