By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Major Supply Chain Attack Compromises Popular npm Packages Including chalk and debug

Open Report

View Report

Written by

Andrew Stiefel

Jenn Gile

Published on

September 8, 2025

Topics

Security

Open Source

Open Report

View Report

Summarize with AI

TL;DR

The attack

An open source maintainer account (Qix) was compromised by a phishing attack, which allowed attackers to inject malicious code into 18 popular npm packages, including chalk and debug.

The impact

These packages collectively see hundreds of millions of weekly downloads. The blast radius is extensive because chalk, debug, and their peers are embedded in popular frameworks, developer tooling, and production services.

The risk and what to do

Any machine installing or building with the compromised versions may have had secrets, credentials, or environment details exfiltrated. Downgrade to safe versions, audit projects, and pin dependencies.

Endor Labs response

We are actively working with our customer base, some of whom have been affected by this incident. Endor Labs customers using malware policies are automatically notified when malware is discovered in their dependencies.

What happened?

Attackers compromised the npm account of Qix, a well-known maintainer. Once inside, they published malicious versions of his libraries, compromising 18 widely-used npm packages, including chalk and debug. The popularity of these packages means many teams may not even realize they are in use, since they are pulled in as transitive dependencies by other frameworks (e.g., React, Express, build systems).

The injected code attempts to steal sensitive information from the local environment by exfiltrating sensitive information from infected environments and could enable further compromise of developer machines or CI/CD pipelines. At time of writing, no CVE or GHSA identifiers have been assigned (this will surely change as the ecosystem responds).

Who was targeted?

This attack scans strings for crypto wallet addresses, so any organization writing applications related to cryptocurrency is potentially at risk. Additionally, if your organization is heavily reliant on AI generated code, you may see increased risk as these tools lack real-time security signals. How it works:

Wallet hijacking: The malicious code is designed to intercept and manipulate cryptocurrency transactions on a compromised system.
Targeted assets: It targets transactions across multiple crypto assets, including Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash.
Hidden execution: The malware executes silently within the browser, rewriting wallet addresses and redirecting funds to attacker-controlled accounts without visible signs to the user.

The trend we’re seeing

This attack follows a now-familiar pattern: compromising high-value open source maintainers (see the xz utils attack). It’s particularly dangerous because it weaponizes the trust of the OSS ecosystem. Developers don’t usually audit every dependency; they rely on reputation, wide usage, and the security of registries like npm. Further, these libraries underpin countless JavaScript and Node.js projects, from developer tooling to production systems. The compromise highlights the systemic fragility, where a single maintainer account takeover can ripple across the internet.

What should you do?

Downgrade immediately

Pin dependencies to safe versions published prior to the compromise. Delete your node_modules folder and any lock files (package-lock.json or yarn.lock), then reinstall dependencies to ensure a clean version is installed.

Audit your projects

Immediately check your project's package-lock.json or yarn.lock file by running npm audit or using software composition analysis (SCA) tools to check for affected versions in your dependency tree.