Supply Chain Attack

Følg

Malicious packages overwhelm NPM with over 86,000 downloads

Theo Klein

Security firm Koi has uncovered a campaign called PhantomRaven that flooded the NPM registry with 126 malicious packages since August. These packages, downloaded more than 86,000 times, exploit a feature allowing unvetted dependencies from untrusted sites. As of late October 2025, about 80 of the packages remained available.

Dette websted bruger cookies

Vi bruger cookies til analyse for at forbedre vores side. Læs vores privatlivspolitik for mere information.
Afvis