
Supply Chain Attack Compromises node-ipc npm Package with Credential-Stealing Malware
Security | Tags: supply-chain-attack, npm, malware, credential-theft, node-ipc, open-source, vulnerability
Hackers compromised newly published versions of the node-ipc npm package, a widely used inter-process communication library, in a supply chain attack targeting the npm ecosystem. The malicious versions were injected with credential-stealing malware designed to exfiltrate sensitive data from affected systems. The attack specifically impacted recent releases of node-ipc, though no exact version numbers or dates of compromise were disclosed. The malware's primary function was to harvest and transmit credentials, posing a risk to developers and applications relying on the package. No CVE identifiers were mentioned in the report. The incident highlights ongoing threats to open-source software supply chains.