On September 8, 2025, at 13:16 UTC, one of the most significant supply chain attacks in software history began unfolding. Within minutes, malicious code had been injected into 18 of the most fundamental JavaScript packages that power modern web development, collectively downloaded over 2.6 billion times per week. The attack vector wasn’t a sophisticated zero-day exploit or nation-state malware—it was a remarkably simple phishing email that exploited the human element in our increasingly complex digital supply chain.
The Anatomy of the Deception
The attack targeted Josh Junon (known as “Qix”), a maintainer of critical npm packages including debug (358 million weekly downloads), chalk (300 million weekly downloads), and ansi-styles (371 million weekly downloads). The attacker used the domain npmjs.help (registered just three days prior, on September 5, 2025) to send a convincing phishing email from “support@npmjs.help”.
The phishing message mimicked npm’s official communications, urging Junon to update their two-factor authentication credentials before September 10, 2025, creating false urgency with a 48-hour deadline. The email included official-looking branding and leveraged psychological pressure tactics by threatening account suspension.
The social engineering succeeded. The phishing page prompted the maintainer to enter their username, password, and two-factor authentication token, likely through an adversary-in-the-middle attack that allowed real-time credential harvesting.
The Cascade Effect: From One Account to Billions
Once the attackers gained control of Junon’s npm account, they moved with precision and speed. Within hours, malicious versions were published across 18 packages, including:
- chalk (299.99m weekly downloads) – Text styling library
- debug (357.6m weekly downloads) – Debugging utility
- ansi-styles (371.41m weekly downloads) – ANSI color styling
- supports-color (287.1m weekly downloads) – Color support detection
- strip-ansi (261.17m weekly downloads) – ANSI code removal
- And 13 other fundamental utilities
These aren’t obscure packages—they form part of the underlying fabric of the JavaScript ecosystem, which meant the compromise had the potential to cascade into a vast number of downstream applications and services.
The Malicious Payload: Crypto-Theft in the Browser
The malicious code was designed to hijack cryptocurrency transactions by monitoring browser application programming interfaces such as fetch, XMLHttpRequest and wallet interfaces such as window.ethereum, redirecting funds to attacker-controlled addresses.
The payload focused on wallet hijacking by hooking into window.ethereum to intercept calls to wallets like MetaMask and silently redirect outgoing transactions to attacker-controlled addresses, while also overriding fetch and XMLHttpRequest to scan API responses for blockchain addresses, then replacing them with visually similar attacker addresses using a Levenshtein “nearest match” algorithm.
Crucially, the malicious payload is a browser-only script, meaning it does not infect operating systems or file systems directly. Instead, it focuses on intercepting crypto transactions and web3 API calls in browser environments.
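The hooking behaviour described above leaves a footprint a page can check for itself. The following is an added example, not code from the article, from Aikido, or from any of the affected packages: a defender-side probe that tests whether fetch and XMLHttpRequest are still native browser code and whether the references to them and to window.ethereum.request have changed since a snapshot taken by the first script on the page. The snapshot/audit split, the `WATCHED_APIS` table and the use of `Math.max`/`Math.min` as stand-ins for native functions in the test are assumptions of this example.

```javascript
// Added example, not code from the article or the affected packages: a
// defender-side probe for the browser APIs the payload is described as hooking
// (fetch, XMLHttpRequest and the window.ethereum wallet provider).
//
// Built-in browser functions stringify to "function fetch() { [native code] }";
// a JavaScript wrapper installed by a malicious package does not. Caveat: a
// hook can forge Function.prototype.toString or use .bind() (bound functions
// also report native code), so this is one signal to combine with the
// reference-identity check below, not proof of a clean page.
function isNativeFunction(fn) {
  if (typeof fn !== 'function') return false;
  return /\{\s*\[native code\]\s*\}/.test(Function.prototype.toString.call(fn));
}

// APIs to watch (assumed list). Wallet providers are injected by extensions as
// ordinary JavaScript, so for ethereum.request only identity drift is meaningful.
const WATCHED_APIS = [
  { name: 'fetch', get: g => g.fetch, expectNative: true },
  { name: 'XMLHttpRequest.prototype.open',
    get: g => g.XMLHttpRequest && g.XMLHttpRequest.prototype.open, expectNative: true },
  { name: 'XMLHttpRequest.prototype.send',
    get: g => g.XMLHttpRequest && g.XMLHttpRequest.prototype.send, expectNative: true },
  { name: 'ethereum.request', get: g => g.ethereum && g.ethereum.request, expectNative: false },
];

// Run this from the first script on the page, before any third-party bundle
// executes, and keep the result in a closure the bundles cannot reach.
function captureApiRefs(globalLike) {
  const refs = {};
  for (const api of WATCHED_APIS) refs[api.name] = api.get(globalLike);
  return refs;
}

// Run this later (e.g. right before signing a transaction). Returns a list of
// { api, reason } findings; an empty list means no tampering was observed.
function auditBrowserApis(globalLike, snapshot) {
  const findings = [];
  for (const api of WATCHED_APIS) {
    const current = api.get(globalLike);
    if (current === undefined) continue;              // API absent (e.g. no wallet installed)
    if (api.expectNative && !isNativeFunction(current)) {
      findings.push({ api: api.name, reason: 'not native code' });
    } else if (snapshot && snapshot[api.name] !== undefined && snapshot[api.name] !== current) {
      findings.push({ api: api.name, reason: 'reference changed since snapshot' });
    }
  }
  return findings;
}

// Browser usage (assumed page layout): capture early, audit before wallet use.
//   const snapshot = captureApiRefs(window);
//   ...
//   const findings = auditBrowserApis(window, snapshot);
//   if (findings.length) { /* block the transaction and send findings to telemetry */ }
```

The probe is deliberately passive: it reports findings rather than restoring the originals, because a page that silently "repairs" fetch would hide the evidence that incident responders need.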
The Response: Swift but Insufficient
The breach was detected by Aikido within five minutes of publication and disclosed publicly within the hour, limiting potential damage despite the enormous download footprint of the affected packages. The breached packages were available roughly between 9 a.m. and 11:30 a.m. on Sept. 8—a narrow window, but one that could have affected thousands of developers and organizations.
After Aikido notified the maintainer on Bluesky, he replied at 15:15 UTC that he was aware of being compromised and was starting to clean up the compromised packages. Junon himself acknowledged the breach publicly, stating “Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up.”
The rapid response prevented widespread damage, but the incident exposed fundamental vulnerabilities in how we secure our software supply chains.
Aikido is probably worth checking out, since this is the second major breach they have identified this year. Check out Aikido SafeChain (open source), a secure wrapper for npm, npx, yarn… SafeChain sits in your current workflows: it intercepts npm, npx, yarn, pnpm and pnpx commands and checks the packages for malware against Aikido Intel (open source threat intelligence) before they are installed. Stop threats before they hit your machine.
The Broader Implications for Enterprise Security
This attack represents a watershed moment for understanding supply chain risk. Ensar Seker, CISO at SOCRadar, noted that “the compromise of npm packages with over 2.6 billion weekly downloads highlights just how devastating upstream attacks can be when they exploit the foundational trust built into open-source ecosystems”.
The sophistication wasn’t in the malware—it was in the targeting and execution. Seker emphasized how “the attackers used a domain that convincingly mimicked a legitimate one, npmjs.help, to socially engineer the maintainer. This wasn’t a spray-and-pray phishing attempt. It was calculated, timed and executed with a deep understanding of developer psychology”.
According to ReversingLabs’ 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in 2024 targeted npm, indicating this ecosystem has become a primary attack vector for threat actors.
The Attribution Question
While no group has claimed responsibility, the methodology points to sophisticated actors. The attacks come after reports in July warned that the North Korea-backed Lazarus group was targeting open-source packages, including notably npm packages. Ilkka Turunen from Sonatype noted: “It was not a random choice to target the developer of these packages. Package takeovers are now a standard tactic for advanced persistent threat groups like Lazarus”.
Immediate Actions for IT Leaders
Assessment Phase:
- Audit Dependencies: Search package-lock.json, pnpm-lock.yaml, and yarn.lock files for the compromised versions
- Build Cache Purging: Clear all caches on development machines and CI/CD servers to prevent reintroduction of compromised packages
- CDN Invalidation: Force cache invalidation for all JavaScript assets served through CDNs
Remediation Steps:
- Rebuild Applications: Rebuild all applications from clean caches using verified package versions
- Browser-Side Protection: Implement client-side checksums and Subresource Integrity (SRI) where applicable
- Crypto Wallet Security: If applications interact with cryptocurrency wallets, rotate keys and alert affected users
- Telemetry Review: Examine logs for suspicious activity during the attack window (13:16–15:15 UTC on September 8)
Long-Term Supply Chain Security Strategy
This incident underscores the need for comprehensive supply chain security programs that go beyond traditional dependency scanning:
Technical Controls:
- Implement Software Bill of Materials (SBOM) tracking across all applications
- Deploy runtime monitoring to detect suspicious behavior in production
- Establish package pinning strategies to prevent automatic updates to compromised versions
- Create air-gapped build environments for critical applications
Process Improvements:
- Develop incident response procedures specifically for supply chain compromises
- Establish vendor risk assessment programs for critical dependencies
- Implement multi-party approval processes for dependency updates in production systems
Organizational Measures:
- Provide targeted security awareness training for developers on supply chain risks
- Create threat intelligence feeds focused on package ecosystem threats
- Establish relationships with security vendors who monitor open-source repositories
The Human Factor Remains Critical
As security experts noted, “attackers didn’t need to break into servers or bypass technical defenses; they simply hijacked a legitimate maintainer’s account through a targeted phishing campaign”. Even in our highly automated, AI-driven development environments, the human element remains the most vulnerable and most critical component.
The npm attack of September 8, 2025, will likely be remembered as a turning point in how we think about supply chain security. It demonstrated that in our interconnected software ecosystem, a single moment of human vulnerability can potentially compromise billions of applications worldwide. The question for IT leaders isn’t whether the next supply chain attack will happen—it’s whether your organization will be prepared when it does.
For enterprise security teams, this incident serves as a stark reminder that supply chain risk management must be treated as a strategic priority, not just a compliance checkbox. The days of treating open-source dependencies as “free and secure by default” are definitively over.