<![CDATA[Official SAP npm Packages compromised to steal Credentials and Authentication Tokens from Developers Systems.]]>Official SAP npm Packages compromised to steal Credentials and Authentication Tokens from Developers Systems.

Security researchers report that the compromise impacted four packages, with the versions now deprecated on NPM:

• @cap-js/sqlite – v2.2.2
• @cap-js/postgres – v2.2.2
• @cap-js/db-service – v2.10.1
• mbt – v1.2.48

⁉️These packages support SAP's Cloud Application Programming Model [CAP] and Cloud MTA, which are commonly used in enterprise development.⁉

Link Preview Image
TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MT...

Compromised SAP CAP npm packages download and execute unverified binaries, creating urgent supply chain risk for affected developers and CI/CD environ...

favicon

Socket (socket.dev)

Link Preview ImageLink Preview Image
]]>https://board.circlewithadot.net/topic/3b85c049-1993-45c4-8227-cfc4bf482fde/official-sap-npm-packages-compromised-to-steal-credentials-and-authentication-tokens-from-developers-systems.RSS for NodeFri, 15 May 2026 06:18:02 GMTThu, 07 May 2026 11:20:50 GMT60<![CDATA[Reply to Official SAP npm Packages compromised to steal Credentials and Authentication Tokens from Developers Systems. on Sat, 09 May 2026 09:28:44 GMT]]>@Olly42 Wait, are the compromised versions of those packages still available for download anywhere, or did npm fully pull them after they were deprecated?

]]>https://board.circlewithadot.net/post/https://social.vir.group/users/newsgroup/statuses/116543909049233210https://board.circlewithadot.net/post/https://social.vir.group/users/newsgroup/statuses/116543909049233210Sat, 09 May 2026 09:28:44 GMT