←back to thread

NPM debug and chalk packages compromised

(www.aikido.dev)
1369 points universesquid | 2 comments | 08 Sep 25 15:37 UTC | HN request time: 0.98s | source
Show context
joaomoreno ◴[08 Sep 25 16:49 UTC] No.45170585[source]
From sindresorhus:

You can run the following to check if you have the malware in your dependency tree:

`rg -u --max-columns=80 _0x112fa8`

Requires ripgrep:

`brew install rg`

https://github.com/chalk/chalk/issues/656#issuecomment-32668...

replies(8): >>45171142 #>>45171275 #>>45171304 #>>45171841 #>>45172110 #>>45172189 #>>45174730 #>>45175821 #
1. timsh ◴[08 Sep 25 18:17 UTC] No.45171841[source]
If it produces no output, does that mean that there's no code that could act in the future? I first acted out of nerves and deleted the whole node-modules and package.lock in a couple of freshly opened Astro projects, curious if I should considered my web surfing to still be potentially malicious
replies(1): >>45172024 #
2. nosefurhairdo ◴[08 Sep 25 18:33 UTC] No.45172024[source]
The malware introduced here is a crypto address swapper. It's possible that even after deleting node_modules that some malicious code could persist in a browser cache.

If you have crypto wallets on the potentially compromised machine, or intend to transfer crypto via some web client, proceed with caution.