Articles tagged #npm
Page 1
color npm package compromised
On September 8 2025, around 13:00 UTC, someone compromised Josh Junon’s npm account (qix) and started publishing backdoored versions of his package.
Someone noticed and let Josh know:
Josh confirmed he’d gotten pwned by a fake 2FA (two-factor authentication) reset e-mail:
The phishing e-mail came from npmsj.help
(registered 3 days prior) and claimed
users had to reset their 2FA:
Page 1
Go back to the homepage.