ADVERTISEMENT

Thousands of Node developers compromised by malware in popular npm packages

Malware in the Node.js ecosystem is hiding in plain sight. Security researchers uncover npm packages with thousands of installs, delivering remote access trojans, infostealers, or backdoors. The largest one has over 45,000 weekly downloads.

Hackers, malware

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
May 12, 2025 Updated: 12 May 2025 2 min read
ADVERTISEMENT

Onslaught of npm packages

Ernestas Naprys Gintaras Radauskas Niamh Ancell Jurgita Lapienyte
Stay informed and get our latest stories on Google News
Add us as your Preferred Source on Google.
ADVERTISEMENT