<![CDATA[I am sure you're shocked to hear about another NPM compromise.]]>I am sure you're shocked to hear about another NPM compromise.

This one was because a maintainer let their email domain expire!

Link Preview Image
Node-ipc NPM packages infected with stealer

Socket.dev has yet another NPM package compromise, in this case the node-ipc packages. Affected versions: node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 Initial access appears to be email domain takeover from a do…

favicon

IFIN (discourse.ifin.network)

]]>https://board.circlewithadot.net/topic/65dad437-d587-415c-8353-2f8705d8f8e0/i-am-sure-you-re-shocked-to-hear-about-another-npm-compromise.RSS for NodeFri, 15 May 2026 06:18:42 GMTThu, 14 May 2026 22:20:47 GMT60