{"id":2755,"date":"2025-05-23T12:17:14","date_gmt":"2025-05-23T12:17:14","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=2755"},"modified":"2025-05-23T12:17:15","modified_gmt":"2025-05-23T12:17:15","slug":"harmful-malware-obtainable-in-npm-repo-went-unnoticed-for-two-years","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=2755","title":{"rendered":"Destructive malware available in NPM repo went unnoticed for two years"},"content":{"rendered":"<p> <br \/>\n<br \/><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2025\/05\/malware-threat-1000x648.jpg\" \/><\/p>\n<p>Researchers have discovered malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats that users of such open source archives face.<\/p>\n<p>Eight packages using names that closely mimicked those of widely used official packages contained destructive payloads designed to corrupt or delete important data and crash systems, Kush Pandya, a researcher at security firm Socket, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/socket.dev\/blog\/malicious-npm-packages-target-react-vue-and-vite-ecosystems-with-destructive-payloads\">reported Thursday<\/a>. The packages have been available for download for more than two years and accrued roughly 6,200 downloads over that time.<\/p>\n<h2>A range of attack vectors<\/h2>\n<p>\u201cWhat makes this marketing campaign significantly regarding is the range of assault vectors\u2014from refined knowledge corruption to aggressive system shutdowns and file deletion,\u201d Pandya wrote. 
\u201cThe packages had been designed to focus on completely different components of the JavaScript ecosystem with diversified techniques.\u201d<\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/arstechnica.com\/information-technology\/2025\/05\/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years\/\">Read full article<\/a><\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/arstechnica.com\/information-technology\/2025\/05\/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years\/#comments\">Comments<\/a><\/p>\n\n","protected":false},"excerpt":{"rendered":"<p>Researchers have discovered malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats that users of such open source archives face. Eight packages using names that closely mimicked those of widely used official packages contained destructive payloads designed to corrupt 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2757,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54],"tags":[2663,216,1116,2664,2665,1745],"class_list":["post-2755","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-news","tag-destructive","tag-malware","tag-npm","tag-repo","tag-unnoticed","tag-years"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/2755","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2755"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/2755\/revisions"}],"predecessor-version":[{"id":2756,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/2755\/revisions\/2756"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/2757"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}