A sophisticated worm infected 637 npm packages within 39 minutes on May 19, 2026, affecting approximately 16 million weekly downloads. The malware, originating from a compromised npm account, not only exfiltrated credentials from cloud environments and developer tools but also exploited GitHub Actions to gain further npm publish access, enabling self-propagation. Notably, the attack targeted developer environments by installing hooks in tools like Claude Code and VS Code, and included a dead man's switch to delete user files if stolen tokens were revoked.

AI IMPACT: This attack highlights the evolving threat landscape for AI development tools and the software supply chain.
Source: dev.to (Claude Code tag). AI-generated summary by Google Gemini, from 1 source.