Tagged articles
5 articles
Black & White Path
May 18, 2026 · Information Security

Why npm Keeps Getting Compromised: A Deep Dive into the Latest node‑ipc Supply‑Chain Attack

On May 14, 2026, three malicious versions of the node‑ipc package were published to npm, injecting obfuscated payloads that steal cloud credentials, SSH keys, AI tool configurations and other sensitive files. The article analyses the attack stages, historical repeats, npm's structural flaws, and concrete blue‑team mitigation steps.

Tags: Credential Theft, Supply chain security, detection rules
12 min read
Black & White Path
May 16, 2026 · Information Security

Node‑ipc Hit Again: Inside the Second Wave of npm Supply‑Chain Attacks

On May 14, 2026, security teams uncovered three malicious node‑ipc npm releases that used a Lily‑Pad account‑hijack technique to inject an 80 KB obfuscated payload and exfiltrate credentials via DNS TXT tunneling. The discovery prompted immediate version audits and credential rotation.

Tags: Credential Theft, Information Security, Lily Pad attack
5 min read
Selected Java Interview Questions
Apr 22, 2022 · Information Security

Supply Chain Poisoning in node-ipc: Analysis, Impact, and Mitigation

Developers discovered that the npm package node‑ipc, widely used in vue‑cli, contained a malicious “peacenotwar” payload targeting Russian and Belarusian IPs, prompting security analysis, discussion of open‑source supply‑chain risks, and detailed remediation steps including package updates and code removal.

Tags: Supply chain security, Vue CLI, node-ipc
8 min read
Programmer DD
Mar 18, 2022 · Information Security

How a Node‑IPC Supply‑Chain Attack Hijacked Vue‑CLI Projects

A malicious update to the npm package node‑ipc, used by vue‑cli, injected anti‑war code that creates unwanted files and overwrites system directories for Russian and Belarusian IPs. It sparked a community response that led to a patched vue‑cli release and detailed remediation steps.

Tags: Supply Chain Attack, Vue CLI, malware
5 min read
IT Services Circle
Mar 17, 2022 · Information Security

Malicious npm Packages: The “peacenotwar” Incident and Its Impact on the Frontend Ecosystem

The article exposes a malicious npm package called peacenotwar, injected by a politically motivated author into the node‑ipc dependency of vue‑cli, which creates a hostile file for users in Russia and Belarus. The incident prompted npm to block the package and highlights the fragility of the frontend supply chain.

Tags: Frontend Ecosystem, Open Source, Supply chain security
5 min read