A fresh supply chain attack targeting the widely used node-ipc npm package has raised new concerns across the JavaScript ecosystem after researchers uncovered multiple malicious releases containing an obfuscated credential stealer and backdoor functionality. Security analysts confirmed that several recently published package tarballs were infected with malware capable of harvesting sensitive data from developer systems and CI environments. 

The compromised versions identified as malicious include: 

[email protected]  

[email protected]  

[email protected]  

Researchers at Socket reported that the suspicious versions were flagged within approximately three minutes of publicatio...