npm 19

• Malicious npm Package Exfiltrated Files from Claude AI User Directories May 27, 2026
• npm Launches Staged Publishing with 2FA Gating to Counter Supply Chain Attacks May 23, 2026
• Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack May 20, 2026
• Grafana Labs Source Code Exposed via GitHub Breach Linked to TanStack npm Attack May 19, 2026
• New Shai-Hulud Wave Compromises 600+ npm Packages in Fresh Supply Chain Hit May 19, 2026
• Compromised Nx Console 18.95.0 Delivers Credential Stealer to 2.2M VS Code Users May 19, 2026
• node-ipc npm Package Compromised in Supply Chain Attack to Steal Credentials May 15, 2026
• TanStack Supply Chain Attack Compromised Two OpenAI Employee Devices, Credentials Stolen May 15, 2026
• TeamPCP Releases Shai-Hulud Worm Source Code, Invites Supply Chain Attacks with Monetary Rewards May 15, 2026
• TanStack npm Supply Chain Attack Hits Multiple AI Companies May 14, 2026
• Mini Shai-Hulud: Dissecting the SAP CAP npm Supply Chain Worm May 10, 2026
• Dozen Critical Vulnerabilities in vm2 Node.js Library Enable Sandbox Escape and RCE May 6, 2026
• TeamPCP 'Mini Shai-Hulud' Supply Chain Attack Hits SAP npm Packages May 1, 2026
• Google Patches CVSS 10 Gemini CLI RCE Enabling Supply-Chain Code Execution Apr 30, 2026
• SAP npm Packages Compromised in Credential-Stealing Supply Chain Attack Apr 29, 2026
• DPRK Threat Actors Use Claude Opus to Plant Malicious npm Packages Apr 29, 2026
• Unit 42 Maps npm Attack Surface: Wormable Malware, CI/CD Persistence, and Multi-Stage Chains Apr 24, 2026
• Bitwarden npm Supply Chain Attack Attributed to TeamPCP; Shai-Hulud Worm Component Identified Apr 24, 2026
• Checkmarx Supply Chain Attack Compromises Bitwarden CLI and KICS Analysis Tool Apr 23, 2026