Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack.
The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”), urging them to update their update their two-factor authentication (2FA) credentials before September 10, 2025, by clicking on embedded link.
The phishing page is said to have prompted the co-maintainer to enter their username, password, and two-factor authentication (2FA) token, only for it to be stolen likely by means of an adversary-in-the-middle (AitM) attack and used to publish the rogue version to the npm registry.
The following 20 packages, which collectively attract over 2 billion weekly downloads, have been confirmed as affected as part of the incident –
- ansi-regex@6.2.1
- ansi-styles@6.2.2
- backslash@0.2.1
- chalk@5.6.1
- chalk-template@1.1.1
- color-convert@3.1.1
- color-name@2.0.1
- color-string@2.1.1
- debug@4.4.2
- error-ex@1.3.3
- has-ansi@6.0.1
- is-arrayish@0.3.3
- proto-tinker-wc@1.8.7
- supports-hyperlinks@4.1.1
- simple-swizzle@0.2.3
- slice-ansi@7.1.1
- strip-ansi@7.1.1
- supports-color@10.2.1
- supports-hyperlinks@4.1.1
- wrap-ansi@9.0.1
“Sorry everyone, I should have paid more attention,” Junon said in a post on Bluesky. “Not like me; have had a stressful week. Will work to get this cleaned up.”
An analysis of the obfuscated malware injected into the source code reveals that it’s designed to intercept cryptocurrency transaction requests and swap the destination wallet address with an attacker-controlled wallet that closely matches it by computing the Levenshtein distance.
According to Aikido Security’s Charlie Eriksen, the payload acts as a browser-based interceptor that hijacks network traffic and application APIs to steal cryptocurrency assets by rewriting requests and responses. It’s currently not known who is behind the attack.
“The payload begins by checking typeof window !== ‘undefined’ to confirm it is running in a browser,” Socket said. “It then hooks into window.fetch, XMLHttpRequest, and window.ethereum.request, along with other wallet provider APIs.”
“This means the malware targets end users with connected wallets who visit a site that includes the compromised code. Developers are not inherently the target, but if they open an affected site in a browser and connect a wallet, they too become victims.”
Package ecosystems like npm and the Python Package Index (PyPI) remain recurring targets due to their popularity and broad reach within the developer community, with attackers abusing the trust associated with these platforms to push malicious payloads.
Beyond publishing malicious packages directly, attackers have also employed techniques such as typosquatting or even exploiting AI-hallucinated dependencies – called slopsquatting – to trick developers into installing malware. The incident once indicates the need for exercising vigilance and hardening CI/CD pipelines and locking down dependencies.
According to ReversingLabs’ 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in 2024 targeted npm, with the remainder linked to PyPI.
“What we are seeing unfold with the npm packages chalk and debug is an unfortunately common instance today in the software supply chain,” Ilkka Turunen, Field CTO at Sonatype, told The Hacker News.
“The malicious payload was focused on crypto theft, but this takeover follows a classic attack that is now established – by taking over popular open source packages, adversaries can steal secrets, leave behind backdoors and infiltrate organizations.”
“It was not a random choice to target the developer of these packages. Package takeovers are now a standard tactic for advanced persistent threat groups like Lazarus, because they know they can reach a large amount of the world’s developer population by infiltrating a single under-resourced project.”
