Supply Chain Attack

Følg

Malicious packages overwhelm NPM with over 86,000 downloads

Theo Klein

Security firm Koi has uncovered a campaign called PhantomRaven that flooded the NPM registry with 126 malicious packages since August. These packages, downloaded more than 86,000 times, exploit a feature allowing unvetted dependencies from untrusted sites. As of late October 2025, about 80 of the packages remained available.

Dette nettstedet bruker informasjonskapsler

Vi bruker informasjonskapsler for analyse for å forbedre nettstedet vårt. Les vår personvernerklæring for mer informasjon.
Avslå