Results 1 to 4 of 4

Thread: NPM Compromised

  1. Sep 24th, 2025, 08:53 AM #1
    dday9
    dday9 is offline

    Thread Starter
    Super Moderator dday9's Avatar
    Join Date
    Mar 2011
    Posts
    12,380

    NPM Compromised

    NPM packages have been compromised by a self-replicating worm known as Shai-Hulud: https://www.blackduck.com/blog/npm-m...ud-threat.html

    Basically it gets credentials and then publishes infected packages as the authenticated (compromised) user.
    "Code is like humor. When you have to explain it, it is bad." - Cory House
    VbLessons | HtmlLessons | CssLessons | Code Tags | Sword of Fury - Jameram
    Reply With Quote Reply With Quote
  2. Sep 24th, 2025, 10:58 AM #2
    Shaggy Hiker
    Shaggy Hiker is offline
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    40,104

    Re: NPM Compromised

    If there is a vulnerability, it WILL be exploited...eventually.
    My usual boring signature: Nothing
    Reply With Quote Reply With Quote
  3. Sep 24th, 2025, 12:58 PM #3
    dday9
    dday9 is offline

    Thread Starter
    Super Moderator dday9's Avatar
    Join Date
    Mar 2011
    Posts
    12,380

    Re: NPM Compromised

    I've moved this to General Developer forum. In hindsight, Chit-Chat was probably not the best location.
    "Code is like humor. When you have to explain it, it is bad." - Cory House
    VbLessons | HtmlLessons | CssLessons | Code Tags | Sword of Fury - Jameram
    Reply With Quote Reply With Quote
  4. Sep 29th, 2025, 02:26 AM #4
    Zvoni
    Zvoni is offline
    PowerPoster Zvoni's Avatar
    Join Date
    Sep 2012
    Location
    To the moon and then left
    Posts
    5,263

    Re: NPM Compromised

    Quote Originally Posted by dday9 View Post
    NPM packages have been compromised by a self-replicating worm known as Shai-Hulud: https://www.blackduck.com/blog/npm-m...ud-threat.html

    Basically it gets credentials and then publishes infected packages as the authenticated (compromised) user.
    So someone decided to "spice" it up?
    Last edited by Zvoni; Tomorrow at 31:69 PM.
    ----------------------------------------------------------------------------------------

    One System to rule them all, One Code to find them,
    One IDE to bring them all, and to the Framework bind them,
    in the Land of Redmond, where the Windows lie
    ---------------------------------------------------------------------------------
    People call me crazy because i'm jumping out of perfectly fine airplanes.
    ---------------------------------------------------------------------------------
    Code is like a joke: If you have to explain it, it's bad
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width