Malicious npm packages just leveled up: this one dropped a self-spreading worm that hijacks repos and leaks secrets the moment it lands. It abuses `postinstall` scripts to run TruffleHog and swipe tokens straight from your codebase. Then it uses GitHub Actions to exfiltrate the loot and auto-publish more poisoned packages—spreading the infection across orgs whenever new tokens pop up in CI/CD. This is the first time JavaScript’s supply chain has seen something this self-replicating. It’s not just malware—it’s an outbreak.
Give a Pawfive to this post!
Share with your friends and followers
Start blogging about your favorite technologies, reach more readers and earn rewards!
Join other developers and claim your FAUN.dev account now!
