from Claude...
Based on the research I've gathered, here are the 18 specific NPM packages that were compromised in this supply chain attack:

The Compromised Packages (with weekly download numbers):

Starting at September 8th, 13:16 UTC, these 18 very popular packages were compromised:
Highest Impact Packages:
  • ansi-styles - 371.41 million downloads/week
  • debug - 357.6 million downloads/week
  • chalk - 299.99 million downloads/week
  • strip-ansi - 261.17 million downloads/week
  • ansi-regex - 243.64 million downloads/week
  • wrap-ansi - 197.99 million downloads/week
  • color-convert - 193.5 million downloads/week
  • color-name - 191.71 million downloads/week
Medium Impact Packages:
  • is-arrayish - 73.8 million downloads/week
  • slice-ansi - 59.8 million downloads/week
  • error-ex - 47.17 million downloads/week
  • color-string - 27.48 million downloads/week
  • simple-swizzle - 26.26 million downloads/week
  • supports-hyperlinks - 19.2 million downloads/week
  • has-ansi - 12.1 million downloads/week
Lower Impact Packages:
  • chalk-template - 3.9 million downloads/week
  • supports-color - 287.1 million downloads/week
  • backslash - 0.26 million downloads/week

What These Packages Do

These are all fundamental utility packages that handle basic functions like:
  • Text coloring and formatting (chalk, ansi-styles, color-convert)
  • Debugging output (debug)
  • String manipulation (strip-ansi, wrap-ansi)
  • Error handling (error-ex)

The Scale

These utilities underpin much of the modern web and collectively account for more than 2.6 billion weekly downloads. They're the kind of packages that get included in almost every JavaScript project without developers even realizing it.

How the Attack Happened

Hackers compromised the npm account of Josh Goldberg, a well-known open-source maintainer known as "Qix," through a phishing campaign that targeted npm maintainers with emails impersonating the platform's support team.
These aren't flashy frameworks - they're the invisible building blocks that millions of websites and applications depend on, which is exactly what made this attack so devastating.
How the heck does an experienced open source maintainer fall for a phishing attack?
It must have been a very sophisticated and convincing phishing attempt?!
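A defender's check for the package list above, as an added example that is not part of the original post: a Node script that scans a `package-lock.json` for the 18 names. The sample lockfile is constructed, and since the post does not give the affected version numbers, each hit still has to be compared against the advisory.

```javascript
// Added example (not from the post): scan an npm lockfile for the 18 package
// names listed above; hits still need checking against the advisory's versions.
const COMPROMISED = new Set([
  'ansi-styles', 'debug', 'chalk', 'strip-ansi', 'ansi-regex', 'wrap-ansi',
  'color-convert', 'color-name', 'is-arrayish', 'slice-ansi', 'error-ex',
  'color-string', 'simple-swizzle', 'supports-hyperlinks', 'has-ansi',
  'chalk-template', 'supports-color', 'backslash',
]);
// Name from a lockfileVersion 2/3 install path:
// "node_modules/chalk/node_modules/@scope/pkg" -> "@scope/pkg".
function nameFromPath(installPath) {
  const parts = installPath.split('node_modules/');
  return parts[parts.length - 1];
}
// Returns [{ name, version, path }] for every installed copy of a listed
// package; supports the v2/v3 "packages" map and the v1 "dependencies" tree.
function findCompromised(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // '' is the root project itself
      const name = nameFromPath(path);
      if (COMPROMISED.has(name)) hits.push({ name, version: meta.version, path });
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (COMPROMISED.has(name)) hits.push({ name, version: meta.version, path });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits.sort((a, b) => a.path.localeCompare(b.path));
}
// Constructed sample lockfile (not a real project's) for a stand-alone run.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', dependencies: { chalk: '^4.1.2' } },
  'node_modules/chalk': { version: '4.1.2' },
  'node_modules/chalk/node_modules/supports-color': { version: '7.2.0' },
  'node_modules/lodash': { version: '4.17.21' },
  'node_modules/@scope/debug': { version: '1.0.0' }, // scoped, not "debug"
} };
if (typeof require !== 'undefined' && require.main === module) {
  const lock = process.argv[2]
    ? JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8')) : SAMPLE_LOCK;
  for (const h of findCompromised(lock)) console.log(`${h.name}@${h.version}  ${h.path}`);
}
```

Run it as `node scan.js path/to/package-lock.json`; with no argument it scans the embedded sample.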