Supply Chain Attack

팔로우

Malicious packages overwhelm NPM with over 86,000 downloads

Theo Klein

Security firm Koi has uncovered a campaign called PhantomRaven that flooded the NPM registry with 126 malicious packages since August. These packages, downloaded more than 86,000 times, exploit a feature allowing unvetted dependencies from untrusted sites. As of late October 2025, about 80 of the packages remained available.

이 웹사이트는 쿠키를 사용합니다

당사는 사이트 개선을 위해 분석용 쿠키를 사용합니다. 자세한 내용은 개인정보 처리방침을 참조하세요.
거부