NPM debug and chalk packages compromised

Posted by universesquid 9/8/2025

NPM debug and chalk packages compromised(www.aikido.dev)

https://github.com/advisories/GHSA-8mgj-vmr8-frr6

1372 points | 757 commentspage 4

andix 9/8/2025|

I've posted this idea already last time with the nx incident: we need some mechanism for package managers to ignore new packages for a defined time. Skip all packages that were published less than 24 hours ago.

Most of those attacks are detected and fixed quickly, because a lot of people check newly published packages. Also the owners and contributors notice it quickly. But a lot of consumers of the package just install the newest release. With some grace period those attacks would be less critical.

stevage 9/9/2025||

I'm really surprised that NPM does not have better means to detect and respond to events like this. Since all the affected packages were by the same author, it would seem straightforward to have a mitigation event that rolls back all recent changes to some recent milestone. Then it's just a question of knowing when to hit the button.

artooro 9/8/2025||

This looks pretty bad. Even if this only affects crypto wallets, I can't help but imagine how much worse this could be.

Another good read is at https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com...

dang 9/8/2025|

(This was originally posted to https://news.ycombinator.com/item?id=45168413 but we merged the threads)

tadamcz 9/8/2025||

Using a security key instead of TOTP would have prevented this.

progx 9/9/2025||

One reason why i run everything on my development machine in a docker container, you can't trust any package.

I use bun, but similar could be done with npm

Add to .bashrc:

  alias bun='docker run --rm -it -u $(id -u):$(id -g) -p 8080:8080 -v "$PWD":/app -w /app my-bun bun "$@"'

then you can use `bun` command as usual.

Dockerfile:

  FROM oven/bun:1 AS base
  VOLUME [ "/app" ]
  EXPOSE 8080/tcp
  WORKDIR /app
  # Add your custom libs
  # RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get -y install \
  #  ... \

Create once the container:

  $ docker build -t "my-bun" -f "Dockerfile" .

duffpkg 9/9/2025||

Managed large health groups for a long time, we actually care about security, billion of patient interactions, never a compromise. I managed the modernization of the payment platform for the largest restaurant in the world. Billions of dollars a year. Early thing we did was freeze versions, maintain local package repos, carefully update. It is very concerning how rare these things are done. Tens of thousands of random people are in the core supply chain of most node projects and there seems to be a lot of carelessness of that fact.

dafelst 9/8/2025||

I'm curious if anyone is tracking transactions against the wallet addresses in the malicious code - I assume that is essentially the attackers' return on investment here.

eiiot 9/8/2025|

Just ran a script to do this – doesn't seem like there's much going in, other than one test transaction.

vladkens 9/8/2025||

Actually, my problem is not really with NPM itself or the fact that it can be hacked, but with the damn auto-update policy of software – as users we usually have no idea which versions are installed, and there is even no way to roll back to a safe version.

All these Chrome, VSCode, Discord, Electron-apps, browser extensions, etc – they all update ± every week, and I can't even tell what features are being added. For comparison, Sublime updates once a YEAR and I'm totally fine with that.

maxloh 9/8/2025||

For everyone wondering: the code looks this way: https://web.archive.org/web/20250908162250/https://cdn.jsdel...

Got it from the "simple-swizzle" package that hasn't been taken down by NPM.

More comments...