Three node-ipc versions contain stealer/backdoor code, exposing developer and cloud secrets to exfiltration.
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc.
According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious -
node-ipc@9.1.6
node-ipc@9.2.3
node-ipc@12.0.1
Popular node-ipc npm package compromised to steal credentials
Cookie thieves caught stealing dev secrets via fake Claude Code installers
Cache-poisoning caper turns TanStack npm packages toxic
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps
Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
