npm registry
Coverage of npm registry in the Nexus archive.
- Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Unknown threat actors compromised the Injective Labs GitHub repository and published a malicious npm package to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised package, @injectivelabs/[email protected], included fake telemetry to exfiltrate wallet data.
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub
A malicious npm package named 'mouse5212-super-formatter' was discovered to steal files from Anthropic's Claude AI user directory. Cybersecurity researchers from OX Security identified the package's ability to upload files from a specific directory used by Claude AI, highlighting a security risk for users of the AI tool.
- Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was compromised when attackers uploaded a malicious @bitwarden/cli package to npm, containing a credential-stealing payload designed to spread to other projects. The incident highlights vulnerabilities in package registries and the risks of supply chain attacks.