Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.”The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
