npm packages spread 'Bladeroid' crypto-stealer, hijack your Instagram

By Ax Sharma on February 29, 2024 vulnerabilities

4 minute read time

Sonatype has identified multiple open source packages that infect npm developers with a Windows info-stealer and crypto-stealer called Bladeroid
Read More...

Remember npm library 'colors'? There's no such thing as 'colors-2.0'

By Ax Sharma on March 15, 2022 vulnerabilities

5 minute read time

Alongside the popular 'colors' library on npm come unwanted malicious typosquats called 'colors-2.0', 'colors-3.0, 'colorsss', and so on.
Read More...

There's a RAT in my code: New npm malware with Bladabindi trojan spotted

By Ax Sharma on December 01, 2020 vulnerabilities

8 minute read time

Sonatype discovered new malware within the npm registry, jdb.js and db-json.
Read More...

Trick or treat: That `twilio-npm` package is brandjacking malware in disguise!

By Ax Sharma on November 02, 2020 vulnerabilities

5 minute read time

Sonatype’s Release Integrity, malicious code detection service, discovers twilio-npm` is brandjacking malware in disguise.
Read More...

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

By Ax Sharma on September 30, 2020 vulnerabilities

8 minute read time

Initially found by Sonatype's malicious code detection bots, our researchers have discovered and confirmed the presence of two new vulnerable npm packages.
Read More...

Nexus Intelligence Insights: Sonatype - 2020-0003 - npm Malicious Package 1337qq-js

By Elisa Velarde on January 15, 2020 vulnerabilities

4 minute read time

In this month's Nexus Intelligence Insights, we cover Sonatype-2020-0003: npm malicious package 1337qq-js. Here's why it made noise but had no impact.
Read More...