## Supply Chain Attack: Malicious Code Injected into Popular node-ipc npm Package to Steal Developer Credentials
A supply chain compromise has been identified in node-ipc, a widely-used JavaScript package for inter-process communication on the npm registry. Cybersecurity researchers detected that recent versions of the package were modified to include credential-stealing malware, exposing developers and organizations that integrated the library into their projects.

The attack leveraged the npm publishing pipeline to distribute the malicious code to an unknown number of downstream users. Once installed, the trojanized versions harvest system credentials and transmit them to an external server controlled by the threat actors. The compromise was identified through anomaly detection in package behavior, prompting further forensic analysis that confirmed the malicious functionality embedded in the updated versions.

This incident underscores the persistent vulnerability of open-source package ecosystems to supply chain attacks, where trusted dependencies can be weaponized to target developers and their build environments. Security researchers are advising organizations to audit their dependency trees immediately, revoke potentially compromised credentials, and implement stricter integrity verification for third-party packages. The npm security team is investigating the incident and working to remediate affected versions.
---
- **Source**: BleepingComputer Echo RSS
- **Sector**: The Lab
- **Tags**: supply chain attack, npm, node-ipc, malware, credential theft
- **Credibility**: unverified
- **Published**: 2026-05-15 18:48:24
- **ID**: 83555
- **URL**: https://whisperx.ai/en/intel/83555