20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html

ONE SENTENCE SUMMARY:

A phishing attack on a maintainer of npm packages led to a software supply chain attack affecting 20 popular packages.

MAIN POINTS:

  1. Maintainer’s account compromised via phishing email mimicking npm support.
  2. Attack targeted Josh Junon, co-maintainer of several npm packages.
  3. 20 npm packages affected; over 2 billion weekly downloads.
  4. Malware intercepts cryptocurrency transactions, alters destination wallet.
  5. Payload acts as a browser-based interceptor hijacking network traffic.
  6. Attack exploits trust in npm and PyPI package ecosystems.
  7. Techniques include typosquatting and exploiting AI-hallucinated dependencies.
  8. 14 of 23 crypto-related attacks in 2024 targeted npm.
  9. Targeting developers is strategic for reaching wide audiences.
  10. Package takeovers commonly used by advanced persistent threat groups.

TAKEAWAYS:

  1. Vigilance and security in CI/CD pipelines are crucial.
  2. Attacks on software supply chain platforms such as npm are increasing.
  3. Popular open source packages remain high-value targets.
  4. Developers need awareness of phishing and security practices.
  5. Strengthening account security and monitoring is essential.