Malicious npm packages just leveled up: this one dropped a self-spreading worm that hijacks repos and leaks secrets the moment it lands. It abuses `postinstall` scripts to run TruffleHog and swipe tokens straight from your codebase. Then it uses GitHub Actions to exfiltrate the loot and auto-publish more poisoned packages—spreading the infection across orgs whenever new tokens pop up in CI/CD. This is the first time JavaScript’s supply chain has seen something this self-replicating. It’s not just malware—it’s an outbreak.
Give a Pawfive to this post!
Share with your friends and followers
Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.
Join other developers and claim your FAUN.dev() account now!
