## Malicious node-ipc Versions Confirmed: Stealer Backdoor Targets Developer Secrets Across Three npm Releases
Cybersecurity researchers have confirmed that three versions of the widely used npm package node-ipc contain a stealer backdoor designed to harvest developer secrets. The affected versions—node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1—have been flagged by researchers at Socket and StepSecurity, who describe the activity as malicious and actively targeting sensitive credentials within development environments.

Node-ipc is a popular JavaScript library facilitating inter-process communication in Node.js applications, particularly those running on desktop platforms. The discovery represents a supply chain compromise that could expose organizations whose developers installed or updated the package during the affected release windows. The specific targeting of developer secrets—potentially including API keys, authentication tokens, and environment variables—suggests the campaign is designed to enable further intrusions through compromised development infrastructure rather than opportunistic data theft.

The findings underscore persistent vulnerabilities in open-source package ecosystems, where trusted libraries can become vectors for targeted attacks. Developers and security teams are urged to audit their dependency trees for the three identified versions, remove any instances immediately, and rotate credentials that may have been present in affected environments. The incident adds to a growing pattern of npm supply chain attacks exploiting the trust placed in widely adopted packages to reach high-value development targets.

---
- **Source**: The Hacker News Echo RSS
- **Sector**: The Lab
- **Tags**: npm, supply chain attack, node-ipc, stealer malware, developer secrets
- **Credibility**: unverified
- **Published**: 2026-05-14 19:48:22
- **ID**: 83142
- **URL**: https://whisperx.ai/en/intel/83142