1208 points by jamesberthoty | 2 comments

cddotdotslash (No.45262019)
I wonder who actually discovered this attack? Can we credit them? The phrasing in these posts is interesting, with some taking direct credit and others just acknowledging the incident.

Aikido says: > We were alerted to a large-scale attack against npm...

Socket says: > Socket.dev found compromised various CrowdStrike npm packages...

Ox says: > Attackers slipped malicious code into new releases...

Safety says: > The Safety research team has identified an attack on the NPM ecosystem...

Phoenix says: > Another supply chain and NPM maintainer compromised...

Semgrep says: > We are aware of a number of compromised npm packages

replies(6): >>45262042 >>45262074 >>45262368 >>45262518 >>45263064 >>45263487
1. augzodia (No.45262042)
OP article says: > The incident was discovered by @franky47, who promptly notified the community through a GitHub issue.
replies(1): >>45262782
2. codazoda (No.45262782)
Points to this, which does look like the first mention.

https://github.com/scttcper/tinycolor/issues/256