Securing the Open-Source Ecosystem: Lessons from Recent NPM Attacks

The open-source ecosystem drives software innovation, but its scale also introduces a broad—and rapidly evolving—attack surface. Recent wide-reaching incidents have exposed new tactics in the compromise of npm packages.  

These recent threats were brought to light thanks to the swift work of independent researchers and security teams, including Charlie Eriksen at Aikido Security and other members of the community who analyzed, reported, and shared critical details as the attacks unfolded. The situation is still unfolding as we continue to find more packages (see the bottom of the blog), and we will update this blog as information becomes available. 

Overview: Multiple Coordinated Attacks Targeting npm 

Threat actors are accelerating efforts to compromise the JavaScript ecosystem, impacting both popular and specialized packages. While recent incidents made headlines, the attack surfaced as part of a larger campaign affecting high-profile packages such as chalk, debug, and many others—representing billions of weekly downloads. 

These recent attacks unfolded in rapid succession, exploiting both technical and social weaknesses across the npm ecosystem. 

The Timeline: What Happened? 

Phishing and Opportunistic Impersonation 

The attack began with a phishing email sent to the developer stating that his 2FA needed to be updated. The malicious link directed the developer to an identical, but fraudulent copy of npm’s website. There the attacker harvested the developer’s credentials and promptly locked the developer out of his account. The attacker then published trojanized versions of every popular package while the developer was helpless to stop him. 

Direct Compromise: DuckDB and Beyond 

Shortly after, attackers successfully targeted the DuckDB team via phishing. Malicious versions of legitimate packages—including duckdb, @duckdb/node-api, and related modules—appeared on npm, each propagating the same malicious payload. The compromise led to the exfiltration of sensitive environment variables from development and CI environments. 

Broad-Scale Package Takeovers: The Chalk and Debug Incident 

More alarmingly, a coordinated attack breached the accounts of multiple popular npm package maintainers through targeted phishing campaigns. Packages such as chalk, debug, supports-color, and others were updated with obfuscated browser-based malware. These packages collectively see billions of downloads per week, amplifying the potential blast radius. 

Browser-Based Malware: How It Worked 

The sophisticated malware injected itself into the browser context by hooking into JavaScript APIs such as fetch, XMLHttpRequest, and wallet interfaces (e.g., window.ethereum). Its capabilities included: 

• Intercepting and manipulating crypto and web3 transactions 
• Hijacking payment destinations and approvals for attacker-controlled wallets 
• Altering displayed content and API calls to reroute digital assets 
• Remaining stealthy by mimicking legitimate values and avoiding user suspicion 

The campaigns often began with phishing emails crafted to impersonate npm support, convincing package owners to reveal credentials. Attackers then published backdoored versions, weaponizing the trust in established open-source dependencies. 

The Threat: Multi-Layered Supply Chain Risks 

These incidents signal a shift from isolated opportunistic attacks to coordinated, multi-stage campaigns. Attack techniques included: 

• Phishing and social engineering of maintainers 
• Typosquatting and impersonation 
• Injection of browser-based malware with crypto-stealing capabilities 
• Rapid propagation via popular dependencies 

Attackers targeted both servers and browsers—exfiltrating credentials, rerouting crypto transactions, and potentially compromising user data at scale. 

Lessons from the Response: What Actually Works 

As attackers adapt, so must your defense model. Veracode has observed the following steps strengthen supply chain security: 

• Speed Matters More Than You Think: During the incident, the window between initial compromise and widespread exploitation was under 4 hours. Organizations need automated blocking that operates in minutes, not daily scan cycles. Manual review processes, even with skilled teams, simply can’t match the velocity of modern attacks. 
• Detection Requires Behavioral Analysis, Not Just Signatures: These packages passed traditional security checks – valid signatures, familiar names, trusted maintainers. The malicious code was only detectable through behavioral analysis: unusual obfuscation patterns, suspicious API hooking, and anomalous publishing velocity from compromised accounts. 
• The SBOM Paradox: While SBOMs are critical, these incidents revealed a gap: knowing what you have doesn’t help if you can’t instantly act on new intelligence. Organizations need the ability to retroactively identify and remediate packages that were clean when installed but later compromised. 
• Developer Experience Can’t Be an Afterthought: Security teams who successfully prevented these attacks had one thing in common: developers actually used their tools. Blocking must be transparent, with clear explanations and fast alternatives, or developers will bypass controls entirely. 

Veracode Customers Remain Protected 

Veracode customers using Package Firewall are shielded from these threats, with the Package Firewall preventing both server- and browser-targeted malware from reaching the SDLC. Customers can also use Software Composition Analysis (SCA) to detect the usage of these malicious packages. 

Veracode’s Supply Chain offerings are designed to protect our customers from these types of attacks with: 

1. Proactive Threat Monitoring: The Veracode Threat Research Team continuously tracks open-source activity. Automated detection and expert analysis quickly identify anomalous publishing behavior, code obfuscation, and indicators of malware. 
2. Immediate Blocking: Once a package is confirmed to be malicious, it is programmatically blocklisted. Veracode Package Firewall prevents vulnerable or compromised packages—including those from the chalk, debug, and DuckDB campaigns—from being installed in customer environments. 
3. Policy Enforcement: Customers maintain strict controls over allowable packages. Policies enforced by Veracode automatically block introductions of newly compromised packages and prevent execution of malicious scripts. 
4. Expert Guidance: The team continuously issues updates and actionable recommendations to help organizations respond quickly and confidently when new supply chain threats emerge. 

NPM Attacks Conclusion: Stay Ahead of Advanced Threats 

These recent npm attacks are a wakeup call: supply chain risks are increasing in scale and complexity. Attackers now target not only servers, but also browsers and end users, through high-trust dependencies. Standard reactive security is no longer sufficient. 

Veracode empowers you to adopt a proactive, defense-ready stance—protecting your developers, your users, and your business from the next wave of sophisticated supply chain attacks. 

Reach out to learn more. 

All Known Affected Packages 

Here is a list we will update containing the packages known to be affected by this malware: 

• @coveops/abi@2.0.1 
• @duckdb/duckdb-wasm@1.29.2 
• @duckdb/node-api@1.3.3 
• @duckdb/node-bindings@1.3.3 
• ansi-regex@6.2.1 
• ansi-styles@6.2.2 
• backslash@0.2.1 
• chalk-template@1.1.1 
• chalk@5.6.1 
• color-convert@3.1.1 
• color-name@2.0.1 
• color-string@2.1.1 
• debug@4.4.2 
• duckdb@1.3.3 
• error-ex@1.3.3 
• has-ansi@6.0.1 
• is-arrayish@0.3.3 
• prebid-universal-creative@1.17.3
• prebid.js@10.9.2
• proto-tinker-wc@0.1.87 
• simple-swizzle@0.2.3 
• slice-ansi@7.1.1 
• strip-ansi@7.1.1 
• supports-color@10.2.1 
• supports-hyperlinks@4.1.1 
• wrap-ansi@9.0.1 

It is worth noting that color@5.0.1 was not affected by this malware as was reported by others, however the version has been removed from npm.