Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack.

The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm ("support@npmjs[.]help"), urging them to update their update their two-factor authentication (2FA) credentials before September 10, 2025, by clicking on



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html