Tech News
← Back to articles

NPM debug and chalk packages compromised

2025-10-31 | original
read original related products more articles

Starting at September 8th, 13:16 UTC, our Aikido intel feed alerted us to a series packages being pushed to npm, which appeared to contain malicious code. These were 18 very popular packages,

backslash (0.26m downloads per week)

chalk-template (3.9m downloads per week)

supports-hyperlinks (19.2m downloads per week)

has-ansi (12.1m downloads per week)

simple-swizzle (26.26m downloads per week)

color-string (27.48m downloads per week)

error-ex (47.17m downloads per week)

color-name (191.71m downloads per week)

is-arrayish (73.8m downloads per week)

... continue reading

Related:
China Delays Shenzhou-20 Crew Return After Suspected Space Debris Impact
Remember, Remember, ‘V for Vendetta’ Is Back in Theaters Next November
The importance of past rifting in large igneous province development
Grayskull: A tiny computer vision library in C for embedded systems, etc.
The Most-Hated MacBook Could Return Without the Same Compromises

© 2025 GoKawiil