A sophisticated worm infected 639 npm packages in under 40 minutes on May 19, 2026, impacting approximately 16 million weekly downloads. The malware, originating from a compromised npm account, not only exfiltrated credentials from cloud and database systems but also exploited GitHub Actions to gain publish access to new packages. A notable aspect of this attack is its persistence mechanism, which installs hooks in development environments like Claude Code and VS Code, and a dead man's switch that deletes user data if compromised tokens are revoked. AI
IMPACT This attack highlights critical vulnerabilities in software supply chains, particularly concerning developer tools and code execution environments.
RANK_REASON The article describes a sophisticated malware attack targeting npm packages and developer tools, detailing its propagation and persistence mechanisms.
Read on dev.to — Claude Code tag →
- @antv
- AWS
- Azure
- Claude Code
- Cursor
- echarts-for-react
- GitHub
- GCP
- jest-canvas-mock
- Kubernetes
- timeago.js
- VS Code
- Windsurf
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →