Self Propagating NPM Malware Compromises over 40 Packages

ctrl/tinycolor and 40+ NPM Packages Compromised

The popular @ctrl/tinycolor package, with over 2 million weekly downloads, has been compromised alongside 40+ other NPM packages in a sophisticated supply chain attack. The malware self-propagates across maintainer packages, harvests AWS/GCP/Azure credentials using TruffleHog, and establishes persistence through GitHub Actions backdoors, representing a major escalation in NPM ecosystem threats.

Ashish Kurmi, September 15, 2025

Executive Summary

The NPM ecosystem is facing another critical supply chain attack. The popular @ctrl/tinycolor package, which receives over 2 million weekly downloads, has been…
