npm
Blog
Developers beware: Malware has been found in a dozen popular NPM packages – here’s what you need to know
More than a dozen NPM packages, with a combined million weekly downloads, have been compromised to deliver malware. Node Package Manager (NPM) is the widely-used default package manager for the JavaScript runtime environment, Node.js, and is used to install libraries, share packages, manage dependencies, run scripts, and more. A newly-discovered Remote Access Trojan (RAT) enables an attacker to execute shell…
Blog
Malicious npm packages posing as utilities delete project directories
Two malicious packages have been discovered in the npm JavaScript package index, which masquerade as useful utilities but, in reality, are destructive data wipers that delete entire application directories. The data wiper packages are ‘express-api-sync’ and ‘system-health-sync-api,’ and pose as database syncing and system health monitoring tools. According to open-source software security firm Socket, they both contain backdoors that enable…
Blog
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
A significant supply chain attack hit NPM after 16 popular Gluestack ‘react-native-aria’ packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). BleepingComputer determined that the compromise began on June 6 at 4:33 PM EST, when a new version of the react-native-aria/focus package was published to NPM. Since then, 16 of the 20…
Blog
Dozens of malicious packages on NPM collect host and network data
60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat Research team, the packages were uploaded to the NPM repository starting May 12 from three publisher accounts. Each of the malicious packages contains a post-install script that…
Blog
Supply chain attack hits npm package with 45,000 weekly downloads
An npm package named ‘rand-user-agent’ has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user’s system. The ‘rand-user-agent’ package is a tool that generates randomized user-agent strings, which is helpful in web scraping, automated testing, and security research. Although the package has been deprecated, it remains fairly popular,…
Blog
Remote Teams NPM: Monitor & Optimize Networks
Whether an organization has embraced a fully remote workforce or a hybrid model, maintaining network performance across geographically dispersed teams is a core task. As businesses increasingly rely on cloud-based applications, collaboration tools, and real-time communication systems, it becomes essential to ensure that network performance remains optimal for remote workers to perform at their best. Network performance monitoring (NPM) tools…
Blog
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. The campaign targeted multiple cryptocurrency-related packages, and the popular ‘country-currency-map’ package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, “/scripts/launch.js” and “/scripts/diagnostic-report.js,” which execute upon…
Blog
North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign and linked it to previously known Lazarus supply chain operations.…
Blog
Install NPM on Ubuntu 24.04
The Node Package Manager (NPM) is a tool that allows developers to install and work with different JavaScript packages efficiently. Installing NPM involves installing Node.js, and this post shares all the insights you need to install NPM. Node.js is a suitable option for anyone looking to have a scalable backend that utilizes JavaScript. Node.js is built on Chrome’s V8 JS engine,…
Blog
Malicious npm packages target Ethereum developers’ private keys
Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. Collectively, the malicious packages have recorded more than one thousand downloads, researchers say.
Narrow targeting campaign
Hardhat is a widely used Ethereum development environment maintained by the Nomic Foundation. It is used for developing, testing, and deploying smart contracts and decentralized…