A Timeline of npm Supply Chain Attacks: 2017–2026

Supply chain attacks on npm are not new. They are accelerating. In 2017, the first typosquatting malware made headlines. By 2026, state-sponsored actors are hijacking packages with 100 million weekly downloads. Here is every major incident, what happened, and the patterns that repeat.

Published April 2, 2026

The pattern that keeps repeating

Look at any npm supply chain attack and you will find one or more of these vectors: a maintainer account is compromised, a new dependency is injected, a brand-new package appears under a lookalike name, or an install script runs code at npm install time. The attackers change. The sophistication increases. But the patterns are remarkably consistent.

crossenv
Year: 2017 | Reach: Unknown | Vector: Typosquatting

A lookalike of cross-env that harvested environment variables (including npm tokens) and sent them to an attacker-controlled server. Roughly 40 related typosquat packages were discovered and removed.

Rules triggered: first_seen, malware

event-stream / flatmap-stream
Year: 2018 | Reach: 8M weekly | Vector: Maintainer takeover + dependency injection

Attacker right9ctrl gained publish access from the original maintainer, then injected flatmap-stream — a brand-new package containing an encrypted payload targeting the Copay Bitcoin wallet. Undetected for over two months.

Rules triggered: publisher_change, unexpected_deps, first_seen

eslint-scope
Year: 2018 | Reach: 25M weekly | Vector: Maintainer credential theft

An ESLint maintainer's npm token was stolen. The attacker published eslint-scope@3.7.2 with a postinstall script that harvested npm tokens from .npmrc files on developer machines.

Rules triggered: publisher_change, install_scripts, malware

ua-parser-js
Year: 2021 | Reach: 24M weekly | Vector: Account hijack

Maintainer account compromised. Malicious versions 0.7.29, 0.8.0, and 1.0.0 deployed cryptominers on Linux and credential stealers on Windows. Affected versions were live for approximately four hours.

Rules triggered: publisher_change, install_scripts, malware

coa / rc
Year: 2021 | Reach: 23M / 14M weekly | Vector: Account hijack

Maintainer accounts for two widely used packages in the React ecosystem were compromised on the same day. Malicious versions ran cryptominers via install scripts. Broke create-react-app builds globally.

Rules triggered: publisher_change, install_scripts, malware

colors.js / faker.js
Year: 2022 | Reach: 23M / 3M weekly | Vector: Maintainer sabotage

Original maintainer Marak Squires published corrupted versions as a protest against open source exploitation. colors@1.4.1 entered an infinite loop printing 'LIBERTY LIBERTY LIBERTY'. Broke thousands of downstream projects.

Rules triggered: malware, score

node-ipc
Year: 2022 | Reach: 1M weekly | Vector: Maintainer sabotage (protestware)

Maintainer added geopolitically targeted code that overwrote files with heart emojis on systems with Russian or Belarusian IP addresses. Published as a 'protest' against the invasion of Ukraine.

Rules triggered: malware, unexpected_deps

lottie-player
Year: 2024 | Reach: 2M weekly | Vector: Account compromise

A LottieFiles maintainer's npm token was stolen. Malicious versions injected a crypto wallet drainer into the package, targeting users of web applications that displayed Lottie animations.

Rules triggered: publisher_change, malware

Shai-Hulud campaign
Year: 2025 | Reach: Targeted | Vector: Typosquatting + install scripts

A coordinated campaign publishing hundreds of typosquat packages mimicking popular CLI tools and utilities. Each package ran install scripts that exfiltrated system information and established reverse shells.

Rules triggered: first_seen, install_scripts, malware

Qix- phishing campaign
Year: 2025 | Reach: Targeted | Vector: Maintainer phishing

Coordinated phishing campaign targeting npm maintainers of popular packages. Fake npm security alerts led to credential harvesting pages. Multiple maintainer accounts were compromised before the campaign was detected.

Rules triggered: publisher_change, first_seen

eslint-config-prettier
Year: 2025 | Reach: 9M weekly | Vector: Account compromise

Maintainer credentials compromised. A malicious version was published that added an install script to exfiltrate environment variables. Detected within hours by community members who noticed the unexpected postinstall script.

Rules triggered: publisher_change, install_scripts, malware

axios
Year: 2026 | Reach: 100M weekly | Vector: State-sponsored account hijack

North Korean UNC1069 compromised an axios maintainer account via phishing and published version 1.14.1 with a RAT payload in the postinstall script. Live for approximately two hours. The largest npm package ever compromised.

Rules triggered: malware, publisher_change, install_scripts, first_seen

The attacks are accelerating

In 2017, one typosquat package made the news. In 2021, three major attacks hit in a single year. In 2023, Sonatype reported over 7,000 malicious npm packages discovered. By 2026, state-sponsored actors are targeting the most-downloaded packages in the ecosystem.

The trend is clear: attacks are getting more frequent, more sophisticated, and targeting higher-value packages. The blast radius is growing. Event-stream had 8 million weekly downloads. ua-parser-js had 24 million. axios has 100 million.

What you can do about it

Every attack in this timeline shares a common property: it happened at install time. The malicious code was delivered through npm install. By the time a CI scanner, pull request check, or security audit runs, the code has already been downloaded and — in many cases — already executed via install scripts.

Install-path enforcement evaluates packages before they reach your machine. nproxy sits between your package manager and upstream registries, applying seven security rules to every package request. Publisher changes, new dependencies, brand-new packages, install scripts, known malware, low trust scores, and known vulnerabilities are all evaluated at fetch time.

You do not need to change your workflow. One line in .npmrc. Your team keeps using npm install as usual.
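As an added example (not nproxy's code), here is a minimal version of the install-path check that the pattern section and this section both describe: given the version already in the lockfile and the version about to be fetched, it flags the four recurring vectors (publisher change, new dependency, brand-new package, install script) before anything is installed. The metadata shape, publisher names, dates and the seven-day threshold are constructed for illustration, not the npm registry's real format.

```javascript
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
const FIRST_SEEN_DAYS = 7; // assumption: anything younger is treated as brand-new

// prev: metadata of the version already in the lockfile (null on first add).
// next: metadata of the version the package manager is about to fetch.
// registry: constructed map of package name -> { created } for dependency lookups.
// now: evaluation time, injectable so results are deterministic.
function evaluatePackage(prev, next, registry, now = new Date()) {
  const findings = [];
  // publisher_change: the publishing account differs from the previous release
  if (prev && prev.publisher !== next.publisher) {
    findings.push({ rule: "publisher_change", detail: `${prev.publisher} -> ${next.publisher}` });
  }
  // unexpected_deps: dependencies that were not present in the previous release
  const prevDeps = new Set(Object.keys(prev ? prev.dependencies || {} : {}));
  for (const dep of Object.keys(next.dependencies || {})) {
    if (prevDeps.has(dep)) continue;
    findings.push({ rule: "unexpected_deps", detail: dep });
    // first_seen: the new dependency is unknown to the registry or only days old
    const meta = registry[dep];
    const ageDays = meta ? (now - new Date(meta.created)) / 86400000 : -1;
    if (!meta || ageDays < FIRST_SEEN_DAYS) findings.push({ rule: "first_seen", detail: dep });
  }
  // install_scripts: lifecycle hooks that appear in this release but not the last one
  const prevScripts = prev ? prev.scripts || {} : {};
  for (const hook of INSTALL_HOOKS) {
    if (next.scripts && next.scripts[hook] && !prevScripts[hook]) {
      findings.push({ rule: "install_scripts", detail: `${hook}: ${next.scripts[hook]}` });
    }
  }
  return findings;
}

// Constructed sample combining the event-stream pattern (new publisher adds a
// brand-new dependency) with the eslint-scope pattern (a postinstall hook appears).
// Publisher names, dates and script contents are made up for illustration.
const SAMPLE_REGISTRY = { "flatmap-stream": { created: "2018-09-20T00:00:00Z" } };
const SAMPLE_PREV = { publisher: "original-maintainer", dependencies: { through: "^2.3.8" }, scripts: {} };
const SAMPLE_NEXT = {
  publisher: "new-maintainer",
  dependencies: { through: "^2.3.8", "flatmap-stream": "^0.1.0" },
  scripts: { postinstall: "node ./setup.js" },
};
const SAMPLE_NOW = new Date("2018-09-22T00:00:00Z");

// Returns just the rule names so a policy gate can decide whether to block the fetch.
function sampleFindings() {
  return evaluatePackage(SAMPLE_PREV, SAMPLE_NEXT, SAMPLE_REGISTRY, SAMPLE_NOW).map(f => f.rule);
}
```

A proxy in front of the registry would run this comparison on every version request and refuse to serve the tarball when any finding is present, which is the fetch-time enforcement the section describes.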

Your team is one npm install away from compromise

Every attack on this timeline was delivered through a normal npm install. nproxy blocks them at the registry layer — before code reaches your machines.