We see more new affected packages over night. It highlights why we built this ml/model for this back when it was still called ml/ai and use it to protect customers in real time.
We will be updating the blog shortly with the new packages.
We will be updating the blog shortly with the new packages.
September 9, 2025 at 1:55 PM
We see more new affected packages over night. It highlights why we built this ml/model for this back when it was still called ml/ai and use it to protect customers in real time.
We will be updating the blog shortly with the new packages.
We will be updating the blog shortly with the new packages.
Looks
Like we got them taken down. So here it is: www.sonatype.com/blog/npm-cha...
Like we got them taken down. So here it is: www.sonatype.com/blog/npm-cha...
npm Chalk and Debug Packages Hit in Software Supply Chain Attack
Learn about the npm chalk and debug widespread software supply chain attack, highlighting risks and the need for better SBOM and SCA practices.
www.sonatype.com
September 9, 2025 at 12:15 AM
Looks
Like we got them taken down. So here it is: www.sonatype.com/blog/npm-cha...
Like we got them taken down. So here it is: www.sonatype.com/blog/npm-cha...
Our malware systems at Sonatype seem to be picking these up coming from other, not yet reported accounts. This attack seems to have landed more publishers as this unfolds. Check your accounts folks while we work with others to contain.
September 8, 2025 at 8:12 PM
Our malware systems at Sonatype seem to be picking these up coming from other, not yet reported accounts. This attack seems to have landed more publishers as this unfolds. Check your accounts folks while we work with others to contain.
Fair. Maybe it’s a scam. Will have to wait and see.
April 16, 2025 at 11:37 AM
Fair. Maybe it’s a scam. Will have to wait and see.