Skip to content
The Nexus
DossierENTITY

npm registry

Coverage of npm registry in the Nexus archive.

Earliest in view: Apr 23 · 19:21 UTCMost recent: Jul 10 · 17:29 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 10 · 17:29 UTCTHE HACKER NEWS
    Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

    Unknown threat actors compromised the Injective Labs GitHub repository and published a malicious npm package to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised package, @injectivelabs/[email protected], included fake telemetry to exfiltrate wallet data.

  • SECURITYMay 27 · 15:44 UTCTHE HACKER NEWS
    Malicious npm Package Stole Files From Claude AI User Directory via GitHub

    A malicious npm package named 'mouse5212-super-formatter' was discovered to steal files from Anthropic's Claude AI user directory. Cybersecurity researchers from OX Security identified the package's ability to upload files from a specific directory used by Claude AI, highlighting a security risk for users of the AI tool.

  • SECURITYApr 23 · 19:21 UTCBLEEPING COMPUTER
    Bitwarden CLI npm package compromised to steal developer credentials

    The Bitwarden CLI was compromised when attackers uploaded a malicious @bitwarden/cli package to npm, containing a credential-stealing payload designed to spread to other projects. The incident highlights vulnerabilities in package registries and the risks of supply chain attacks.