Subj : npm debug and chalk packages compromised (Aikido)
To   : All
From : LWN.net
Date : Tue Sep 09 2025 06:40:08

The Aikido blog describes
an apparently ongoing series of phishing attacks against npm package
maintainers, resulting in the uploading of compromised versions of heavily
used packages:

All together, these packages have more than 2 billion downloads per
	week.

The packages were updated to contain a piece of code that would be
	executed on the client of a website, which silently intercepts
	crypto and web3 activity in the browser, manipulates wallet
	interactions, and rewrites payment destinations so that funds and
	approvals are redirected to attacker-controlled accounts without
	any obvious signs to the user.

https://lwn.net/Articles/1037167/
--- SBBSecho 3.29-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)

.