1369 points universesquid | 51 comments
1. joaomoreno No.45170585
From sindresorhus:

You can run the following to check if you have the malware in your dependency tree:

`rg -u --max-columns=80 _0x112fa8`

Requires ripgrep:

`brew install rg`

https://github.com/chalk/chalk/issues/656#issuecomment-32668...

replies(8): >>45171142 #>>45171275 #>>45171304 #>>45171841 #>>45172110 #>>45172189 #>>45174730 #>>45175821 #
2. koolba No.45171142
Try the same recursive grep on ~/.npm to see if you have it cached too. Not just the latest in the current project.
replies(1): >>45172939 #
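An added example, not code from the thread or from the chalk issue tracker, that packages the checks in comments 1 and 2 into one script: it looks for the indicator string `_0x112fa8` in a project tree (ripgrep when installed, plain grep otherwise, which is the equivalence asked about in comment 3) and then in npm's cache. Two things worth knowing before running it: node_modules is usually gitignored, so ripgrep needs `-u` (here `-uu`, which also covers hidden files); and npm keeps fetched tarballs under `~/.npm/_cacache/content-v2` as raw gzip bytes, so a text grep over `~/.npm` cannot see the string until each entry is decompressed. All paths and the sample files in the usage are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from the chalk issue tracker.
# Look for the indicator string quoted in the thread in (1) a project tree and
# (2) npm's content-addressed cache. Assumes POSIX sh, grep and gzip; ripgrep
# is used when installed. Paths in the usage comments are placeholders.

INDICATOR='_0x112fa8'

# Print every text file under $1 that contains the indicator. node_modules is
# usually gitignored, so ripgrep needs -u; -uu also searches hidden files.
# grep -rI skips binaries, matching what ripgrep reports by default.
scan_tree() {
    dir="$1"
    if command -v rg >/dev/null 2>&1; then
        rg -uu -l -F -- "$INDICATOR" "$dir" || true
    else
        grep -rIlF -- "$INDICATOR" "$dir" 2>/dev/null || true
    fi
}

# npm keeps fetched tarballs under ~/.npm/_cacache/content-v2 as raw gzip
# bytes, so a plain grep over ~/.npm cannot see strings inside them. Decompress
# each entry (falling back to the raw bytes for non-gzip entries such as
# cached registry metadata) and print the entries that contain the indicator.
scan_npm_cache() {
    cache="${1:-$HOME/.npm/_cacache/content-v2}"
    [ -d "$cache" ] || return 0
    find "$cache" -type f | while IFS= read -r f; do
        if { gzip -dc "$f" 2>/dev/null || cat "$f"; } \
                | grep -aF -- "$INDICATOR" >/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Print the total number of hits across a project tree ($1) and a cache
# directory ($2, defaults to the user's npm cache). Zero means neither the
# installed tree nor the cached tarballs contain the indicator.
# Usage: count_hits ./my-project
count_hits() {
    { scan_tree "$1"; scan_npm_cache "${2:-}"; } | grep -c . || true
}
```

The thread's `rg -u --max-columns=80 _0x112fa8` prints matching lines; these functions print file paths so hits can be counted, and `count_hits` returns a number rather than an exit status so it composes under `set -e`. Run it before clearing the cache, since `npm cache clean --force` destroys the evidence of what was fetched.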
3. cgijoe No.45171275
Sorry, I am unfamiliar with ripgrep. Is this simply scanning for the string `_0x112fa8`? Could we do the same thing with normal grep -r?
replies(2): >>45171316 #>>45171334 #
4. No.45171304
5. skrebbel No.45171316
yes. ripgrep just does it faster, is all.
replies(2): >>45173163 #>>45173857 #
6. timsh No.45171841
If it produces no output, does that mean that there's no code that could act in the future? I first acted out of nerves and deleted the whole node_modules and package.lock in a couple of freshly opened Astro projects, curious if I should consider my web surfing to still be potentially malicious.
replies(1): >>45172024 #
7. nosefurhairdo No.45172024
The malware introduced here is a crypto address swapper. It's possible that even after deleting node_modules that some malicious code could persist in a browser cache.

If you have crypto wallets on the potentially compromised machine, or intend to transfer crypto via some web client, proceed with caution.

8. aerodynamic_ No.45172110
convenience script that checks through package.json dependency tree + a couple malicious binary patterns:

https://gist.github.com/edgarpavlovsky/695b896445c19b6f66f14...

replies(1): >>45190818 #
9. yifanl No.45172189
Asking people to run random install scripts just feels very out of place given the context.
replies(2): >>45172767 #>>45174960 #
10. naikrovek No.45172662
I feel like you were trying to help here, but anyone can do this for themselves. Providing information in this way sort of indicates that you don't believe that the person you're replying to can do it on their own, and for that reason it's considered rude.
replies(2): >>45174080 #>>45176176 #
11. hunter2_ No.45172767
I would agree if this were one of those `curl | sh` scenarios, but don't we consider things like `brew` to be sufficiently low-risk, akin to `apt`, `dnf`, and the like?
replies(3): >>45172964 #>>45174003 #>>45174196 #
12. tripplyons No.45172939
Haven't installed any modules today, but I ran these commands to clear caches for npm and pnpm just to be safe.

npm cache clean --force
pnpm cache delete

replies(1): >>45174311 #
13. tripplyons No.45172964
Anyone can upload an NPM package without much review. For Homebrew, you at least have to submit a pull request.
replies(2): >>45177196 #>>45182290 #
14. hinkley No.45173163
Make it work, make it right, make it fast.

For security checks, the first 2 out of 3 is just fine.

replies(1): >>45174327 #
15. nothrabannosir No.45173857
But also respects .gitignore by default so I’m not sure you want to use ripgrep to scan your node_modules
replies(2): >>45174032 #>>45174067 #
16. dmitrygr No.45174003
> don't we consider things like `brew` to be sufficiently low-risk,

Like ... npm?

replies(2): >>45174514 #>>45175021 #
17. Fishkins No.45174032
For others who didn't know, the -u flag in the OP's command makes it so ripgrep _will_ search files even if they're gitignored
replies(1): >>45177926 #
18. AkshatJ27 No.45174067
Isn't the intended behaviour of the original comment checking the node_modules folder for the "infected" string?
19. skygazer No.45174080
Also, HN hates machine generated replies, especially the lengthy and overly verbose slop variety -- I think that probably eclipsed any perceived rudeness.
20. anthk No.45174196
APT repos for Debian, Trisquel, Ubuntu... require far more checks and bureaucracy.
replies(1): >>45174375 #
21. PokestarFan No.45174311
You probably want to check before you clear cache
22. Aeolun No.45174327
Sure, but if you can get the last for free, why not?
23. socalgal2 No.45174375
I'll bet they don't. There's way too much churn for it all to be checked.
replies(2): >>45174994 #>>45175530 #
24. hunter2_ No.45174514
I thought getting code into brew is blocked by some vetting (potentially insufficient, which could be argued for all supply chains), whereas getting code into npm involves no vetting whatsoever.
replies(1): >>45182278 #
25. justusthane No.45174960
ripgrep is quite well known. It’s not some obscure tool. Brew is a well-established package manager.

(I get that the same can be said for npm and the packages in question, but I don’t really see how the context of the thread matters in this case).

26. justusthane No.45174994
No, they are extremely well vetted. Have you ever heard of a supply chain attack involving Red Hat, Debian or Ubuntu repos?
replies(1): >>45175191 #
27. fn-mote No.45175021
Nah…

Everybody knows npm is a gaping security issue waiting to happen. Repeatedly.

It’s convenient, so it’s popular.

Many people also don’t vendor their own dependencies, which would slow down the spread at the price of not being instantly up to date.

replies(3): >>45175798 #>>45177580 #>>45186549 #
28. jonquest No.45175191
Yes, the XZ attack affected Fedora nightly and Debian testing and unstable. Yes, it got caught before it made it into a stable distribution (this time).

https://www.redhat.com/en/blog/understanding-red-hats-respon...

https://lists.debian.org/debian-security-announce/2024/msg00...

replies(1): >>45181120 #
29. const_cast No.45175530
Churn? On Debian?

It takes like 2 years to get up to date packages. This isn't NPM.

replies(1): >>45176926 #
30. dabockster No.45175798
> Many people also don’t vendor their own dependencies, which would slow down the spread at the price of not being instantly up to date.

npm sold it really hard that you could rely on them and not have to vendor dependencies yourself. If I suggested that a decade ago in Seattle, I would have gotten booed out of the room.

replies(1): >>45176729 #
31. dabockster No.45175821
Here's something I generated in my coding AI for PowerShell:

`Get-ChildItem -Recurse -File | Select-String -Pattern '_0x112fa8' | ForEach-Object { $_.Line.Substring(0, [Math]::Min(80, $_.Line.Length)) }`

Breakdown of the Command:

- Get-ChildItem -Recurse: This command retrieves all files in the current directory and its subdirectories.

- Select-String -Pattern '_0x112fa8': This searches for the specified pattern in the files.

- ForEach-Object { ... }: This processes each match found.

- Substring(0, [Math]::Min(80, $_.Line.Length)): This limits the output to a maximum of 80 characters per line.

---

Hopefully this should work for Windows devs out there. If not, reply and I'll try to modify it.

replies(1): >>45177364 #
32. tbossanova No.45176176
I see what you mean, but I actually think there is a place for copy/pasting AI responses. I think of it as a kind of cache, surely a HN comment being served to n users means less resources used and faster access than if all n did their own AI query. But then of course you don’t get exactly your preference e.g. you might prefer a terser response than what is pasted here. Interesting to see how the etiquette around this plays out over time.
replies(1): >>45177657 #
33. marcus_holmes No.45176729
I have repeatedly been met with derision when pointing out what a gaping security nightmare the whole Open Source system is, especially npm and its ilk.

Yet here we are. And this is going to get massively worse, not better.

replies(1): >>45179724 #
34. SchemaLoad No.45176926
The xscreensaver dev managed to very easily slip a timebomb into the Debian repos. Wasn't obscured in any way, the repo maintainers just don't review the code. It would be physically impossible for them to review all the changes in all the programs.
35. what No.45177196
Homebrew has been compromised before. To think it’s immune is a bit naive.
replies(2): >>45182243 #>>45183548 #
36. metaltyphoon No.45177364
Or you can just install ripgrep on windows too and have it check much faster ;)
37. albedoa No.45177580
> Nah…

I mean, I believe you, but the person you are replying to obviously believes that they are similar. Could you explain the significant differences?

38. vasco No.45177657
If you ever wanted to share an AI response, you probably should share your prompt, not the response. But likely you should not share anything, for the reasons already explained. Your argument about saving energy makes zero sense if you have any understanding of orders of magnitude but I won't share what AI says about it.
replies(1): >>45192166 #
39. postalcoder No.45177926
-u searches through ignored files

-uu searches through ignored and hidden files (eg dotfiles)

-uuu searches through ignored, hidden, and binary files (ie everything)

40. Intermernet No.45179724
Nothing specific to open source is to blame in this instance. The author got phished. Open source software often has better code vetting and verification than closed source software. npm, however, does not.
41. goodpoint No.45181120
So the attack was successfully stopped and you complain about it?
replies(1): >>45186470 #
42. n8m8 No.45182243
Agreed that it's a bit funny given the context and no community-managed package manager should be 100% trusted.

That said, I think rg is pretty well known to linux daily-drivers and they just wanted to share something quickly for powerusers who want to check their workspaces quickly. Probably better to just instruct n00bs to use grep than install a whole cli tool for searching

Come to think of it, I wonder if a 2-phase attack could be planned by an attacker in the future: Inject malware into a package, flood guidance with instructions to install another popular tool that you also recently compromised... lol

43. n8m8 No.45182278
Went and found the link: https://docs.brew.sh/Acceptable-Casks#apps-that-bundle-malwa...

> Unfortunately, in the world of software there are bad actors that bundle malware with their apps. Even so, Homebrew Cask has long decided it will not be an active gatekeeper (macOS already has one) and users are expected to know about the software they are installing. This means we will not always remove casks that link to these apps, in part because there is no clear line between useful app, potentially unwanted program, and the different shades of malware—what is useful to one user may be seen as malicious by another.

44. n8m8 No.45182290
https://docs.brew.sh/Acceptable-Casks#apps-that-bundle-malwa...

> Unfortunately, in the world of software there are bad actors that bundle malware with their apps. Even so, Homebrew Cask has long decided it will not be an active gatekeeper (macOS already has one) and users are expected to know about the software they are installing. This means we will not always remove casks that link to these apps, in part because there is no clear line between useful app, potentially unwanted program, and the different shades of malware—what is useful to one user may be seen as malicious by another.

---

So there might be pull requests, but Brew's official stance is that they do not actively moderate casks for malware. I guess there's something built into the macOS packaging step that helps mitigate the risk, but I don't know much about it outside playing w/ app development in Xcode.

45. tripplyons No.45183548
I'm not saying it's immune. I'm saying that NPM doesn't have as many protections, making NPM an easier target.
46. jonquest No.45186470
I’m not complaining, I’m pointing out facts. If the facts offend you, that’s your problem. Ignore them if you wish.
47. johnisgood No.45186549
Convenient, as in the barrier to entry is way too low. I am pretty much against it.
48. NamlchakKhandro No.45190818
doesn't work for monorepos
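An added example, not the gist linked in comment 8 and not any project's code, for the monorepo case raised in comment 48: it walks every lockfile below a repository root while pruning installed node_modules trees (so lockfiles shipped inside packages are not mistaken for workspace lockfiles) and reports which workspaces resolve a given package at a given version. The package name `example-pkg` and the lockfile contents used for testing are placeholders, not indicators from this incident; only npm lockfile v2/v3 is parsed, and yarn and pnpm lockfiles are listed for manual review.

```shell
#!/bin/sh
# Added example, not the thread's gist or any project's code. Inventory the
# lockfiles of a monorepo and report which ones resolve a package at a
# given version. Package names/versions are supplied by the caller; the
# ones in the usage comment are placeholders. Assumes POSIX sh, find and
# grep, and npm lockfile v2/v3 layout:
#   "node_modules/<name>": { "version": "<v>", ... }
# Lockfile v1 ("dependencies": { "<name>": { "version": ... } }) is not parsed.

# Print every npm, yarn and pnpm lockfile below $1, pruning node_modules so
# that lockfiles shipped inside installed packages are not mistaken for
# workspace lockfiles.
find_lockfiles() {
    find "$1" -type d -name node_modules -prune -o -type f \
        \( -name package-lock.json -o -name npm-shrinkwrap.json \
           -o -name yarn.lock -o -name pnpm-lock.yaml \) -print
}

# Exit 0 if npm lockfile $1 resolves package $2 at version $3. The key
# "node_modules/<name>" also matches nested copies such as
# "node_modules/a/node_modules/<name>"; npm writes "version" as the first
# field after the key, so three lines of context are enough.
lockfile_pins() {
    lock="$1"; name="$2"; version="$3"
    grep -A3 -F "node_modules/$name\": {" "$lock" 2>/dev/null \
        | grep -qF "\"version\": \"$version\""
}

# Walk the repository and print "<lockfile> <name>@<version>" for every
# npm lockfile that pins the package; yarn/pnpm lockfiles are listed for
# manual review since their formats are not parsed here.
# Usage: report_pins ./monorepo example-pkg 1.0.0
report_pins() {
    root="$1"; name="$2"; version="$3"
    find_lockfiles "$root" | while IFS= read -r lock; do
        case "$lock" in
            *package-lock.json|*npm-shrinkwrap.json)
                if lockfile_pins "$lock" "$name" "$version"; then
                    printf '%s %s@%s\n' "$lock" "$name" "$version"
                fi ;;
            *)
                printf '%s (not parsed; review manually for %s@%s)\n' \
                    "$lock" "$name" "$version" ;;
        esac
    done
}
```

Lockfiles are the right artefact to inventory because they record what was actually resolved, including copies nested under other dependencies, whereas a single top-level package.json only shows direct dependencies of one workspace.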
49. tbossanova No.45192166
Ironically you are being incredibly rude trying to support an argument that posting AI responses is rude. I guess we can conclude you know nothing about anything.
replies(1): >>45193500 #
50. vasco No.45193500
I never mention rudeness, I don't give a shit about random people online being "rude". It's just something I don't like, so I shared my opinion.
replies(1): >>45285071 #
51. tbossanova No.45285071
Still ironic. Just so you know I might have considered what you said and changed my mind, but being rude made me dismiss you immediately. Just sharing my opinion