Supply Chain Attack


Malicious packages overwhelm NPM with over 86,000 downloads

Theo Klein

Security firm Koi has uncovered a campaign called PhantomRaven that flooded the NPM registry with 126 malicious packages since August. These packages, downloaded more than 86,000 times, exploit a feature allowing unvetted dependencies from untrusted sites. As of late October 2025, about 80 of the packages remained available.
