Most active commenters

    ←back to thread

    NPM debug and chalk packages compromised

    (www.aikido.dev)
    1369 points universesquid | 19 comments | 08 Sep 25 15:37 UTC | HN request time: 0.234s | source | bottom
    1. cddotdotslash ◴[08 Sep 25 17:05 UTC] No.45170804[source]
    NPM deserves some blame here, IMO. Countless third party intel feeds and security startups can apparently detect this malicious activity, yet NPM, the single source of truth for these packages, with access to literally every data event and security signal, can't seem to stop falling victim to this type of attack? It's practically willful ignorance at this point.
    replies(5): >>45170982 #>>45172458 #>>45172566 #>>45173494 #>>45175539 #
    2. PokestarFan ◴[08 Sep 25 17:18 UTC] No.45170982[source]
    NPM is owned by GitHub and therefore Microsoft, who is too busy putting in Copilot into apps that have 0 reason to have any form of generative AI in them
    replies(5): >>45172925 #>>45172926 #>>45173133 #>>45175660 #>>45179454 #
    3. mrguyorama ◴[08 Sep 25 19:06 UTC] No.45172458[source]
    Why would NPM do anything about it? NPM has been a great source of distributing malware for like a decade now, and none of you have stopped using it.

    Why in the world would they NEED to stop? It apparently doesn't harm their "business"

    replies(1): >>45172797 #
    4. twistedpair ◴[08 Sep 25 19:13 UTC] No.45172566[source]
    Identical, highly obfuscated (and thus suspicious looking) payload was inserted into 22+ packages from the same author (many dormant for a while) simultaneously and published.

    What kind of crazy AI could possible have noticed that on the NPM side?

    This is frustrating as someone that has built/published apps and extensions to other software providers for years and must wait days or weeks for a release to be approved while it's scanned and analyzed.

    For all the security wares that MS and GitHub sell, NPM has seen practically no investment over the years (e.g. just go review the NPM security page... oh, wait, where?).

    5. pants2 ◴[08 Sep 25 19:30 UTC] No.45172797[source]
    Dozens of businesses have been built to try fixing the npm security problem. There's clearly money in it, even if MS were to charge an access fee for security features.
    6. Cthulhu_ ◴[08 Sep 25 19:40 UTC] No.45172925[source]
    But Github does loads of things with security, including reporting compromised NPM packages. I didn't know NPM is owned by Microsoft these days though, now that I think about it, Microsoft of all parties should be right on top of this supply chain attack vector - they've been burned hard by security issues for decades, especially in the mid to late 90's, early 2000s as hundreds of millions of devices were connected to the internet, but their OS wasn't ready for it yet.
    7. bnchrch ◴[08 Sep 25 19:40 UTC] No.45172926[source]
    Good god. Not everything has to be about your opinion on AI.
    replies(2): >>45173693 #>>45174064 #
    8. wutbrodo ◴[08 Sep 25 19:56 UTC] No.45173133[source]
    It's not like NPM pre-Microsoft was a paragon of professional management or engineering...
    replies(2): >>45174132 #>>45176182 #
    9. legohead ◴[08 Sep 25 20:26 UTC] No.45173494[source]
    I blame the prevalence of package mangers in the first place. Never liked em, just for this reason. Things were fine before they became mainstream. Another annoying reason is package files that are set to grab the latest version, randomly breaking your environment. This isn't just npm of course, I hate them all equally.
    replies(1): >>45174969 #
    10. jay_kyburz ◴[08 Sep 25 20:41 UTC] No.45173693{3}[source]
    Actually, they could probably use AI to see if each update to a package looks malicious or obfuscated.
    11. PokestarFan ◴[08 Sep 25 21:12 UTC] No.45174064{3}[source]
    GitHub was folded into Microsoft's "CoreAI" team. Not very confidence-inspiring.
    12. mixologic ◴[08 Sep 25 21:18 UTC] No.45174132{3}[source]
    The difference is in the apparent available resources. You cant get to "professional" without the time and money, and NPM post acquisition, presumably, has more of both. Granted, NPM probably doesn't have a revenue model to speak of, which means Microsoft is probably not paying it much attention.
    13. stevenpetryk ◴[08 Sep 25 22:33 UTC] No.45174969[source]
    I'm a little confused, is this rage bait or what?

    > Things were fine before they became mainstream

    As in, things were fine before we had commonplace tooling to fetch third party software?

    > package files that are set to grab the latest version

    The three primary Node.js package managers all create a lockfile by default.

    replies(2): >>45177902 #>>45184146 #
    14. buzuli ◴[08 Sep 25 23:37 UTC] No.45175539[source]
    For packages which have multiple maintainers, they should at least offer the option to require another maintainer to approve each publish.
    15. andix ◴[08 Sep 25 23:52 UTC] No.45175660[source]
    Is it really owned and run by Microsoft? I thought they only provide infrastructure, servers and funding.
    16. Maxious ◴[09 Sep 25 01:05 UTC] No.45176182{3}[source]
    For those who have forgotten, Microsoft buying npm was basically a community service given npm inc was on the brink of collapsing

    https://www.businessinsider.com/npm-ceo-bryan-bogensberger-r...

    https://www.businessinsider.com/npm-cofounder-laurie-voss-re...

    17. nananana9 ◴[09 Sep 25 05:50 UTC] No.45177902{3}[source]
    I mostly share GP's sentiment, although they didn't argue their point very well.

    > As in, things were fine before we had commonplace tooling to fetch third party software?

    Yes. The languages without a dominant package manager (basically C and C++) are the only ones that have self-contained libraries, that you can just drag into your source tree.

    This is how you write good libraries - as can be seen by the fact that for many problems, there's a powerful C (or C++, but usually C) library with minimal (and usually optional) dependencies, that is the de-facto standard, and has bindings for most other languages. Think SDL, ffmpeg, libcurl, zlib, libpng/jpeg, FreeType, OpenSSL, etc, etc.

    That's not the case for libraries written in JS, Python, or even other compiled languages like Go and Rust - libraries written in those languages come with a dependency tree, and are never ported to other languages.

    18. txdv ◴[09 Sep 25 09:04 UTC] No.45179454[source]
    Just write a check.md instruction for copilot to check it for malicious acticity, problem solved
    19. int_19h ◴[09 Sep 25 16:14 UTC] No.45184146{3}[source]
    > As in, things were fine before we had commonplace tooling to fetch third party software?

    In some ways they were. I remember how much friction it was to take a dependency in your typical desktop C++ or Delphi app in late 90s - early 00s. And because of that, developers would generally be hesitant to add a new dependency without a strong justification, especially so any kind of dependency that comes with its own large dependency tree. Which, in turn, creates incentives for library authors to create fairly large, framework-style libraries. So you end up with an ecosystem where dependencies are much more coarse and there are fewer of them, so dependency graphs are shallow. Whether this is an advantage or a disadvantage in its own right can be debated, but it's definitely less susceptible to this kind of attack because updating dependencies in such a system is also much more involved; it's not something that you do with a single `npm install`.