
Posted by universesquid 9/8/2025

NPM debug and chalk packages compromised(www.aikido.dev)
https://github.com/advisories/GHSA-8mgj-vmr8-frr6
1372 points | 757 comments (page 3)
anticristi 9/8/2025|
This is really scary. It could have totally happened to me too. How can we design security which works even when people are tired or stressed?

Once upon a time, I used software called passwordmaker. Essentially, it computed a password like hash(domain+username+master password). Genius idea, but it was a nightmare to use. Why? Because amazon.se and amazon.com share the same username/password database. Similarly, the "domain" for Amazon's app was "com.amazon.something".

Perhaps it's time for browser vendors to strongly bind credentials to the domain, the whole domain and nothing but the domain, so help me Codd.

samhh 9/8/2025|
Passkeys already solve for this, we just have to get past the FUD.
odie5533 9/9/2025||
In this case, how is the Passkey safer than 2FA?
samhh 9/9/2025||
It’s cryptographically bound to the domain.
marifjeren 9/8/2025||
Definitely sounds like spear phishing targeting you specifically.

Kudos to you for owning up to it.

As others have said, it's the kind of thing that could happen to anyone, unfortunately.

mcjiggerlog 9/8/2025|
I also received the same phishing email and I only have packages with a few thousand downloads per week.
heipei 9/8/2025||
If you want to see what the phishing site (npmjs[.]help) looks like: https://urlscan.io/result/01992a3e-4f8c-72bb-90a9-c13826f2d8... - Was still up and running 2 hours ago.
mdaniel 9/9/2025|
> Size: 3124 kB

Hey, that's a pretty good reproduction of npmjs

dismalaf 9/8/2025||
The irony of this post's reception a few hours ago: https://news.ycombinator.com/item?id=45167394
l0rdkr0n0s 9/8/2025||
Did someone write a script to check if the attacker wallets really did get any transactions? I checked a few bitcoin portfolio balances manually, but there was nothing in them; the first ETH portfolio, though, had a few cents. I would be curious about the total financial impact so far.
wch 9/8/2025||
When I run `npm audit`, it points me to a security advisory at GitHub. For example, for debug, it is https://github.com/advisories/GHSA-8mgj-vmr8-frr6 .

That page says that the affected versions are ">=0". Does that seem right? That page also says:

> Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Is this information accurate?

andrewmcwatters 9/8/2025||
No. A now-unavailable version, `debug@4.4.2`, was unpublished by npm, which is the only vulnerable version in question.

Edit: However, I think the reason the security advisory marks the entire package at the moment, is because there is no mechanism in npm to notify users a version with an exploit is currently installed. `npm audit` looks at the versions configured, not installed.

The security advisory triggering this warning forces everyone to reinstall packages today, in case 4.4.2 was installed.

herpdyderp 9/8/2025||
I also see:

- https://github.com/advisories/GHSA-hfm8-9jrf-7g9w

- https://github.com/advisories/GHSA-5g7q-qh7p-jjvm

- https://github.com/advisories/GHSA-8mgj-vmr8-frr6

- https://github.com/advisories/GHSA-m99c-cfww-cxqx

I wonder if they're all from the same thing, they all popped up at the same time.

edit: they do appear to all be the same thing, and the advisory version wildcard is wrong: https://github.com/github/advisory-database/issues/6099

lifeinthevoid 9/9/2025||
DuckDB pwned by same attack: https://github.com/duckdb/duckdb-node/security/advisories/GH...
martypitt 9/8/2025||
A super quick script to check the deps in your package-lock.json file is here[0].

[0]: https://gist.github.com/martypitt/0d50c350aa7f0fc73354754343...

patates 9/8/2025||
Aren't these already nuked and showing up in the "npm audit" command?
epmatsw 9/8/2025|||
Annoyingly, npm audit relies on github's advisory DB, which is currently incorrectly flagging all versions of these packages, not just the compromised ones.

https://github.com/github/advisory-database/issues/6098

brycewray 9/8/2025||
“Anatomy of a Billion-Download NPM Supply-Chain Attack”[0] suggests adding this to `package.json` for now...

    "overrides": {
      "chalk": "5.3.0",
      "strip-ansi": "7.1.0",
      "color-convert": "2.0.1",
      "color-name": "1.1.4",
      "is-core-module": "2.13.1",
      "error-ex": "1.3.2",
      "has-ansi": "5.0.1"
    }
EDIT: This comment[1] suggests the `npm audit` issue has now been resolved.

[0] https://jdstaerk.substack.com/i/173095305/how-to-protect-you...

[1] https://github.com/chalk/chalk/issues/656#issuecomment-32676...

martypitt 9/8/2025|||
Nice - that's even better - thanks! TIL.
krona 9/8/2025||
how about:

grep -r "_0x112fa8"

9dev 9/8/2025||
Irritatingly, this doesn't turn up anything, despite having a theoretically-compromised project as per the package-lock.json… At least on my end
mewpmewp2 9/8/2025|||
What do you mean, irritatingly? Do you mean that you think 'grep -r "_0x112fa8"' is not enough, or are you irritated that npm audit is flagging it as if it were compromised?
9dev 9/8/2025||
I'm irritated because I expected to find at least one compromised file, but there were none. It may be, though, that we only use the affected packages as transitive development dependencies, in which case they are not installed locally. But a sliver of doubt remains that I missed something.
AgentME 9/8/2025|||
If you had the dependency installed before this attack, then you would still be pinned to an old safe version.
adudethatgolfs 9/8/2025||
Socket was all over this - https://socket.dev/blog/npm-author-qix-compromised-in-major-...
cddotdotslash 9/8/2025|
Nathan, do you work for Socket? I think you should at least disclose that when sharing posts here.
whatamidoingyo 9/8/2025||
I've never heard of Socket before this thread. They could be taking advantage of this news and promoting the company, as it's mentioned quite a few times in this thread. Or it's just a good service that I should probably be using.
hofrogs 9/9/2025|
This attack could have been so, so much worse. We were saved by the attacker's lack of creativity and competence.
carwyn 9/9/2025|
And the author's prompt response.