←back to thread

NPM debug and chalk packages compromised

(www.aikido.dev)
1369 points universesquid | 6 comments | 08 Sep 25 15:37 UTC | HN request time: 0s | source | bottom
Show context
junon ◴[08 Sep 25 15:49 UTC] No.45169794[source]
Hi, yep I got pwned. Sorry everyone, very embarrassing.

More info:

- https://github.com/chalk/chalk/issues/656

- https://github.com/debug-js/debug/issues/1005#issuecomment-3...

Affected packages (at least the ones I know of):

- ansi-styles@6.2.2

- debug@4.4.2 (appears to have been yanked as of 8 Sep 18:09 CEST)

- chalk@5.6.1

- supports-color@10.2.1

- strip-ansi@7.1.1

- ansi-regex@6.2.1

- wrap-ansi@9.0.1

- color-convert@3.1.1

- color-name@2.0.1

- is-arrayish@0.3.3

- slice-ansi@7.1.1

- color@5.0.1

- color-string@2.1.1

- simple-swizzle@0.2.3

- supports-hyperlinks@4.1.1

- has-ansi@6.0.1

- chalk-template@1.1.1

- backslash@0.2.1

It looks and feels a bit like a targeted attack.

Will try to keep this comment updated as long as I can before the edit expires.

---

Chalk has been published over. The others remain compromised (8 Sep 17:50 CEST).

NPM has yet to get back to me. My NPM account is entirely unreachable; forgot password system does not work. I have no recourse right now but to wait.

Email came from support at npmjs dot help.

Looked legitimate at first glance. Not making excuses, just had a long week and a panicky morning and was just trying to knock something off my list of to-dos. Made the mistake of clicking the link instead of going directly to the site like I normally would (since I was mobile).

Just NPM is affected. Updates to be posted to the `/debug-js` link above.

Again, I'm so sorry.

replies(39): >>45169833 #>>45169877 #>>45169899 #>>45169922 #>>45170115 #>>45170202 #>>45170608 #>>45170631 #>>45170738 #>>45170943 #>>45171084 #>>45171127 #>>45171420 #>>45171444 #>>45171619 #>>45171648 #>>45171666 #>>45171859 #>>45172334 #>>45172346 #>>45172355 #>>45172660 #>>45172846 #>>45174599 #>>45174607 #>>45175160 #>>45175246 #>>45176250 #>>45176355 #>>45176505 #>>45177184 #>>45177316 #>>45178543 #>>45178719 #>>45182153 #>>45183937 #>>45194407 #>>45194912 #>>45229781 #
33a ◴[08 Sep 25 18:19 UTC] No.45171859[source]
We also caught this right away at Socket,

https://socket.dev/blog/npm-author-qix-compromised-in-major-...

While it sucks that this happened, the good thing is that the ecosystem mobilized quickly. I think these sorts of incidents really show why package scanning is essential for securing open source package repositories.

replies(3): >>45173871 #>>45173938 #>>45174071 #
Yoric ◴[08 Sep 25 21:12 UTC] No.45174071[source]
So how do you detect these attacks?
replies(2): >>45174292 #>>45175681 #
veber-alex ◴[08 Sep 25 21:32 UTC] No.45174292[source]
AI based code review with escalation to a human
replies(1): >>45174765 #
1. Yoric ◴[08 Sep 25 22:17 UTC] No.45174765[source]
I'm curious :)

Does the AI detect the obfuscation?

replies(3): >>45175006 #>>45176325 #>>45246094 #
2. justusthane ◴[08 Sep 25 22:37 UTC] No.45175006[source]
Probably. It’s trivial to plug some obfuscated code into an LLM and ask it what it does.
replies(1): >>45175437 #
3. spartanatreyu ◴[08 Sep 25 23:24 UTC] No.45175437[source]
Yeah, but just imagine how many false positives and false negatives there would be...
4. 33a ◴[09 Sep 25 01:27 UTC] No.45176325[source]
It's actually pretty easy to detect that something is obfuscated, but it's harder to prove that the obfuscated code is actually harmful. This is why we still have a team of humans review flagged packages before we try to get them taken down, otherwise you would end up with way too many false positives.
replies(1): >>45177854 #
5. Yoric ◴[09 Sep 25 05:44 UTC] No.45177854[source]
Yeah, what I meant is that obfuscation is a strong sign that something needs to be flagged for review. Sadly, there's only a thin line between obfuscation and minification, so I was wondering how many false positives you get.

Thanks for the links in your other comment, I'll take a look!

6. nurettin ◴[15 Sep 25 04:22 UTC] No.45246094[source]
I think that would be static analysis. After processing the source code normally (looking for net & sys calls), you decode base64, concatenate all strings and process again (until decode makes no change)