Supply Chain Security
NPM Supply Chain Attack Hits 20 Popular Packages

Multiple popular npm packages have been compromised in a significant software supply chain attack after a maintainer’s account was taken over through a phishing scam.
The Phishing Scheme
The attack targeted Josh Junon (aka Qix), a maintainer of numerous packages. Junon received an email that mimicked an official npm alert, sent from a look-alike domain (“support@npmjs[.]help”), urging them to update their two-factor authentication (2FA) credentials before September 10, 2025, by clicking an embedded link.
The phishing page prompted the maintainer to enter their username, password, and 2FA one-time code. These were most likely relayed to npm in real time, an adversary-in-the-middle (AitM) technique that defeats code-based 2FA, and the resulting access was used to publish rogue versions of the packages to the npm registry.
“Sorry everyone, I should have paid more attention,” Junon said in a post on Bluesky. “Not like me; have had a stressful week. Will work to get this cleaned up.”
Affected Packages
The following packages, which collectively attract over 2 billion weekly downloads, have been confirmed as affected in the initial incident (original reports counted 20 entries, with supports-hyperlinks@4.1.1 listed twice):
ansi-regex@6.2.1
ansi-styles@6.2.2
backslash@0.2.1
chalk@5.6.1
chalk-template@1.1.1
color-convert@3.1.1
color-name@2.0.1
color-string@2.1.1
debug@4.4.2
error-ex@1.3.3
has-ansi@6.0.1
is-arrayish@0.3.3
proto-tinker-wc@1.8.7
slice-ansi@7.1.1
simple-swizzle@0.2.3
strip-ansi@7.1.1
supports-color@10.2.1
supports-hyperlinks@4.1.1 (listed twice in original reports)
wrap-ansi@9.0.1
How the Malware Works
An analysis of the obfuscated malware reveals it was designed to intercept cryptocurrency transaction requests. It swaps the destination wallet address for one of a set of attacker-controlled wallets, choosing the one with the smallest Levenshtein (edit) distance to the legitimate address so that the substituted address looks similar to the original and is less likely to be noticed.
According to Charlie Eriksen of Aikido Security, the payload acts as a browser-based interceptor that hijacks network traffic and application APIs to steal cryptocurrency assets by rewriting requests and responses. It is currently not known who is behind the attack.
“The payload begins by checking typeof window !== 'undefined' to confirm it is running in a browser,” cybersecurity firm Socket explained. “It then hooks into window.fetch, XMLHttpRequest, and window.ethereum.request, along with other wallet provider APIs.”
This means the malware targets end-users with connected wallets who visit a site that includes the compromised code. Developers are not inherently the target, but if they open an affected site in a browser and connect a wallet, they too become victims.
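The two mechanisms described above, modelled in benign form as an added example (this is not code from the article, from Socket or Aikido, or from the payload itself): a Levenshtein-based look-alike selection that picks the attacker wallet closest to the victim's intended address, and a cheap runtime tripwire that checks whether fetch, XMLHttpRequest.prototype.open and ethereum.request still read as native browser functions after a hook has wrapped them. The wallet addresses and the global object passed to the audit are constructed for illustration so the snippet also runs under Node.

```javascript
// Added example: look-alike address selection and a hooked-API tripwire.
// Addresses below are constructed, not real attacker or victim wallets.

// Classic dynamic-programming Levenshtein edit distance (single rolling row).
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0]; // D[i-1][j-1] for j = 1
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j]; // D[i-1][j], needed as next diagonal
      prev[j] = Math.min(
        prev[j] + 1,                                   // deletion
        prev[j - 1] + 1,                               // insertion
        diag + (a[i - 1] === b[j - 1] ? 0 : 1)         // substitution
      );
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Selection step attributed to the payload: from a pool of attacker-controlled
// addresses, return the one with the smallest edit distance to the target.
function pickLookalike(target, pool) {
  let best = null;
  let bestDist = Infinity;
  for (const cand of pool) {
    const d = levenshtein(target.toLowerCase(), cand.toLowerCase());
    if (d < bestDist) { best = cand; bestDist = d; }
  }
  return { address: best, distance: bestDist };
}

// Constructed sample: a victim address and a pool that shares almost every character.
const TARGET = '0x' + '1'.repeat(40);
const CONSTRUCTED_POOL = [
  '0x' + '1'.repeat(39) + '2', // one character away from TARGET
  '0x' + '9'.repeat(40),       // obviously different
  '0x' + '1'.repeat(38) + '22' // two characters away
];

// Model of the hook pattern: replace the global with a wrapper around the original.
// Benign here (just forwards the call); the payload rewrote requests and responses.
function wrapFetch(g) {
  const original = g.fetch;
  g.fetch = function fetch(...args) { return original.apply(this, args); };
}

// Detection side: a native API stringifies as "function fetch() { [native code] }",
// a JavaScript wrapper does not. Malware can also patch Function.prototype.toString,
// so treat this as a tripwire rather than proof of integrity.
function looksNative(fn) {
  if (typeof fn !== 'function') return false;
  return /\{\s*\[native code\]\s*\}\s*$/.test(Function.prototype.toString.call(fn));
}

// Audit the APIs the article names on a given global (pass window in a browser).
// null means the API is absent in this environment.
function auditWalletApis(g) {
  return {
    fetch: looksNative(g.fetch),
    xhrOpen: g.XMLHttpRequest ? looksNative(g.XMLHttpRequest.prototype.open) : null,
    ethereumRequest: g.ethereum ? looksNative(g.ethereum.request) : null
  };
}

console.log(pickLookalike(TARGET, CONSTRUCTED_POOL));
const demoGlobal = { fetch: Math.max, ethereum: { request: function request() {} } };
console.log('before hook:', auditWalletApis(demoGlobal));
wrapFetch(demoGlobal);
console.log('after hook: ', auditWalletApis(demoGlobal));
```

In a real page you would call auditWalletApis(window) early in page load and again before signing; a flip from true to false on fetch or ethereum.request is the signal that something on the page has wrapped the API. Node's own fetch is implemented in JavaScript rather than as a native binding, so the native-code check is meaningful in browsers, not in Node, which is why the demo audits a constructed global.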
A Recurring Threat
Package ecosystems like npm and the Python Package Index (PyPI) remain recurring targets due to their popularity and broad reach. Attackers abuse the trust associated with these platforms to push malicious payloads.
“What we are seeing unfold with the npm packages chalk and debug is an unfortunately common instance today in the software supply chain,” commented Ilkka Turunen, Field CTO at Sonatype.
“The malicious payload was focused on crypto theft, but this takeover follows a classic attack that is now established – by taking over popular open source packages, adversaries can steal secrets, leave behind backdoors and infiltrate organizations,” Turunen added. “It was not a random choice to target the developer of these packages. Package takeovers are now a standard tactic for advanced persistent threat groups like Lazarus, because they know they can reach a large amount of the world’s developer population by infiltrating a single under-resourced project.”
Supply Chain Attack Broadens
According to reports from Socket and Sonatype, the npm supply chain attack that compromised Qix has also compromised another high-profile maintainer account, duckdb_admin, which was used to distribute the same wallet-drainer malware. The additional affected packages are listed below:
@coveops/abi@2.0.1
@duckdb/duckdb-wasm@1.29.2
@duckdb/node-api@1.3.3
@duckdb/node-bindings@1.3.3
duckdb@1.3.3
prebid@10.9.1
prebid@10.9.2
prebid-universal-creative@1.17.3
Socket also reported the incident has netted the attackers about $600, with funds spread across Ethereum, Solana, and other cryptocurrency wallets.
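A practical check for the two package lists above, as an added example (not code from the article or from Socket, Sonatype or Aikido): a Node script that walks a package-lock.json and reports any exact name@version pair that appears in the affected lists. It handles both the lockfileVersion 2/3 layout (a flat "packages" map keyed by node_modules path) and the legacy lockfileVersion 1 nested "dependencies" tree. The lockfile objects in the block are constructed samples; against a real project you would replace them with JSON.parse(fs.readFileSync('package-lock.json', 'utf8')).

```javascript
// Added example: scan an npm lockfile for the exact versions named in the article.

const AFFECTED = new Set([
  // initial (Qix) incident
  'ansi-regex@6.2.1', 'ansi-styles@6.2.2', 'backslash@0.2.1', 'chalk@5.6.1',
  'chalk-template@1.1.1', 'color-convert@3.1.1', 'color-name@2.0.1',
  'color-string@2.1.1', 'debug@4.4.2', 'error-ex@1.3.3', 'has-ansi@6.0.1',
  'is-arrayish@0.3.3', 'proto-tinker-wc@1.8.7', 'slice-ansi@7.1.1',
  'simple-swizzle@0.2.3', 'strip-ansi@7.1.1', 'supports-color@10.2.1',
  'supports-hyperlinks@4.1.1', 'wrap-ansi@9.0.1',
  // duckdb_admin incident
  '@coveops/abi@2.0.1', '@duckdb/duckdb-wasm@1.29.2', '@duckdb/node-api@1.3.3',
  '@duckdb/node-bindings@1.3.3', 'duckdb@1.3.3', 'prebid@10.9.1', 'prebid@10.9.2',
  'prebid-universal-creative@1.17.3'
]);

// Package name from a v2/v3 key such as "node_modules/chalk" or the nested
// "node_modules/foo/node_modules/@duckdb/node-api" (scoped names keep their slash).
function nameFromPath(p) {
  const marker = 'node_modules/';
  const idx = p.lastIndexOf(marker);
  return idx === -1 ? p : p.slice(idx + marker.length);
}

// Returns [{ id: 'name@version', path: 'node_modules/...' }, ...] for every hit.
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map; the '' key is the root project itself.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '' || !meta.version) continue;
      const id = `${nameFromPath(path)}@${meta.version}`;
      if (AFFECTED.has(id)) hits.push({ id, path });
    }
    return hits;
  }
  // lockfileVersion 1: recursive "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      const id = `${name}@${meta.version}`;
      if (AFFECTED.has(id)) hits.push({ id, path });
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (not from any real project).
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/chalk': { version: '5.6.1' },   // on the list
    'node_modules/debug': { version: '4.4.1' },   // a version not on the list
    'node_modules/foo/node_modules/@duckdb/node-api': { version: '1.3.3' } // nested hit
  }
};

const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    chalk: { version: '5.6.1', dependencies: { 'ansi-styles': { version: '6.2.2' } } },
    debug: { version: '4.4.1' }
  }
};

for (const lock of [SAMPLE_LOCK_V3, SAMPLE_LOCK_V1]) {
  const hits = findAffected(lock);
  console.log(`lockfileVersion ${lock.lockfileVersion}: ${hits.length} affected`);
  for (const h of hits) console.log(`  ${h.id}  (${h.path})`);
}
```

Matching on the exact pinned version is deliberate: the malicious releases were published as new patch versions, so a lockfile that pins the previous release is not affected even though the package name is on the list, and a hit means that exact version was resolved into the tree, whether directly or as a transitive dependency.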