North Korea-linked actor compromises axios NPM package

A shocking discovery by Google Threat Intelligence Group has exposed a vulnerability in the popular axios NPM package, which has over 100 million weekly downloads, and has raised urgent questions about the trustworthiness of software supply chains. A malicious dependency was secretly introduced into axios releases, putting countless…

https://osintsights.com/north-korea-linked-actor-compromises-axios-npm-package

#Axios #Npm #NodePackageManager #NorthKorea #GoogleThreatIntelligenceGroup


North Korea-linked actor compromises axios NPM package, threatening software supply chains. Learn how this vulnerability was exploited and take action to secure your applications now.

OSINTSights
New large-scale npm attack: hundreds of packages infected with self-propagating malware

The same attackers as last time may be behind the attack. Their malicious code carries the name of a prominent science-fiction monster.

heise online
Executing Concurrent NPM Scripts

All along, we’ve been able to run multiple NPM scripts in the same run command. Here’s the scenario: imagine that we have a script called buildStaging and another called buildProduction. We could run both scripts out of the box with NPM by creating a new script, let’s call it build, and setting its value to npm run buildStaging && npm run buildProduction. The problem with this is that buildProduction won’t start until buildStaging is complete.

Jason N. Gaylord

Always fun when npm’s publish authentication route 404s.

#NodePackageManager #npm #npmjs #js #node

Malicious npm package taken down after Microsoft warning - Criminals have been caught trying to sneak a malicious package on to the popular Node.js platform ... more: https://nakedsecurity.sophos.com/2020/01/15/malicious-npm-package-taken-down-after-microsoft-warning/ #microsoftvulnerabilityresearch #nodepackagemanager #maliciouspackage #securitythreats #vulnerability #microsoft #backdoor #unix #npm

Naked Security