Introduction
Node Package Manager (NPM) is the default package manager for JavaScript and Node.js. It allows developers to share, download, and integrate reusable bits of code called packages. These packages form the backbone of modern software development: from small utilities like string formatting to large frameworks powering web applications. But with this convenience comes risk. When attackers compromise an NPM package, the impact can cascade across thousands of applications worldwide. The latest NPM compromise involving popular packages like debug and chalk highlights why supply chain security is one of the biggest concerns for developers and enterprises today.
In September 2025, attackers successfully compromised 18 widely used NPM packages, including debug, chalk, ansi-styles, and strip-ansi. These packages collectively have billions of weekly downloads. The attack began with a phishing campaign targeting a package maintainer. The phishing email, impersonating an NPM support request, tricked the maintainer into revealing credentials, allowing attackers to publish malicious versions of these packages.
The malicious code injected into these versions was sophisticated:
- It wrapped browser APIs like fetch and XMLHttpRequest.
- It intercepted calls to crypto wallets and Web3 APIs.
- It aimed to steal or redirect cryptocurrency transactions.
The compromised versions were live for approximately two hours before being detected and rolled back, but that was enough for some developers and CI/CD pipelines to pull in the malicious code.
Impact
The incident has caused alarm across the developer community and enterprise security teams because:
- Massive reach: Popular packages like debug and chalk are dependencies in thousands of projects.
- Transitive risk: Even if your app doesn’t depend on an affected package directly, one of your dependencies (or its dependencies) might pull it in.
- Financial risk: Because the payload targets crypto wallets and Web3 APIs, the potential for theft and fraud is immediate.
- Trust erosion: Developers trust package maintainers and registries; a compromise undermines this trust model.
This is why discussions around supply chain attacks via NPM are not just technical: they affect business, security, and reputation.
Technical Details
Affected Packages and Versions
While the full list is evolving, here are some confirmed compromised packages:
- ansi-styles
- debug
- backslash
- chalk-template
- supports-hyperlinks
- has-ansi
- simple-swizzle
- color-string
- error-ex
- color-name
- is-arrayish
- slice-ansi
- color-convert
- wrap-ansi
- ansi-regex
- supports-color
- strip-ansi
- chalk
The malicious versions were published around Sept 8, 2025, between 13:16 and 15:20 UTC. If your builds occurred during this time frame, you may have been impacted.
How to Check If You’ve Been Affected
- Inspect Dependency Trees: Run npm ls or yarn list to see if your project uses any affected packages.
- Check Lockfiles: Review package-lock.json, yarn.lock, or pnpm-lock.yaml for references to the bad versions.
- Search CI/CD Logs: Look for builds that ran during the compromise window.
- Audit Bundles: For frontend applications, scan built JavaScript bundles to see if compromised code is included.
- Use SBOMs: If you generate a Software Bill of Materials (SBOM), search it for affected versions.
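The lockfile check above can be scripted rather than done by eye. The Node.js snippet below is an added example, not code from the original article or from the npm project; it walks both lockfile layouts (lockfileVersion 1 nests a dependencies tree, lockfileVersion 2/3 keeps a flat packages map keyed by install path, so nested copies under another package's node_modules are found too) and reports any package@version pair on the indicator list. The indicator list is limited to the five versions this article names; the sample lockfiles and the example-util / example-app names are constructed for illustration.

```javascript
// Added example (not from the original article): scan an npm lockfile object for
// the compromised package@version pairs named in the advisory.
// The indicator list only contains the versions the article itself lists.
const COMPROMISED = {
  "strip-ansi": ["7.1.1"],
  "ansi-regex": ["6.2.1"],
  "ansi-styles": ["6.2.2"],
  "debug": ["4.4.2"],
  "error-ex": ["1.3.3"],
};

// lockfileVersion 1: "dependencies" is a nested tree of name -> { version, dependencies }.
function walkV1(deps, parentPath, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = `${parentPath}node_modules/${name}`;
    if ((COMPROMISED[name] || []).includes(info.version)) {
      hits.push({ name, version: info.version, path });
    }
    walkV1(info.dependencies, `${path}/`, hits); // nested copies live one level down
  }
}

// lockfileVersion 2/3: "packages" is a flat map keyed by install path, e.g.
// "node_modules/some-cli/node_modules/strip-ansi". The package name is the part
// after the last "node_modules/" (scoped names such as "@scope/name" survive this).
function walkV2(packages, hits) {
  const marker = "node_modules/";
  for (const [path, info] of Object.entries(packages || {})) {
    if (path === "") continue; // the root project entry
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    if ((COMPROMISED[name] || []).includes(info.version)) {
      hits.push({ name, version: info.version, path });
    }
  }
}

// Returns every match as { name, version, path }; prefers the v2/v3 map when present
// so a v2 lockfile (which carries both layouts) is not counted twice.
function findCompromised(lockfile) {
  const hits = [];
  if (lockfile.packages) walkV2(lockfile.packages, hits);
  else walkV1(lockfile.dependencies, "", hits);
  return hits;
}

// Convenience wrapper for the raw text of package-lock.json.
function scanLockfileText(jsonText) {
  return findCompromised(JSON.parse(jsonText));
}

// Constructed sample lockfiles (not real projects) covering both layouts.
const SAMPLE_LOCK_V3 = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/example-util": { version: "2.0.0" },
    "node_modules/debug": { version: "4.4.2" },
    "node_modules/strip-ansi": { version: "7.1.0" },
    "node_modules/some-cli/node_modules/strip-ansi": { version: "7.1.1" },
  },
};

const SAMPLE_LOCK_V1 = {
  name: "example-app",
  lockfileVersion: 1,
  dependencies: {
    "ansi-regex": { version: "6.2.1" },
    "example-util": {
      version: "2.0.0",
      dependencies: { "error-ex": { version: "1.3.3" } },
    },
  },
};

for (const hit of findCompromised(SAMPLE_LOCK_V3)) {
  console.log(`v3 lockfile: ${hit.name}@${hit.version} at ${hit.path}`);
}
for (const hit of findCompromised(SAMPLE_LOCK_V1)) {
  console.log(`v1 lockfile: ${hit.name}@${hit.version} at ${hit.path}`);
}
```

To run it against a real project, pass the contents of package-lock.json to scanLockfileText; a nested hit (a path containing more than one node_modules segment) is one that npm ls -a would show under another package, which is the transitive case the Impact section warns about.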
Hunting Queries
In CI/CD Environments:

In SIEM & EDR:
KQL

SPL

Yara-L

CS

S1

Real-World Detection Example
Using Splunk, we ran a targeted query against web proxy logs to detect downloads of the compromised NPM package versions. The query matched on specific package names and version patterns associated with the September 2025 attack.

Fig. 1: Detection of malicious NPM package versions in Splunk web proxy logs
Detections observed included:
- strip-ansi@7.1.1
- ansi-regex@6.2.1
- ansi-styles@6.2.2
- debug@4.4.2
- error-ex@1.3.3
These events were logged as downloads from registry.npmjs.org over port 443. The results provided visibility into which hosts and IP addresses in the environment had pulled malicious packages.
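The same matching logic can be reproduced outside Splunk. The Node.js block below is an added example, not the article's query or any vendor's detection content; it parses web-proxy log lines, extracts the package name and version from the registry tarball URL (the registry serves tarballs at /<name>/-/<name>-<version>.tgz, with scoped packages at /@scope/name/-/name-<version>.tgz), matches them against the five compromised versions the article names, flags whether the download fell in the 13:16 to 15:20 UTC window given above, and groups hits by host for triage. The log lines and the field layout (timestamp, client IP, hostname, method, URL, status) are constructed assumptions; adjust the parser to your proxy's format.

```javascript
// Added example (not from the original article): hunt web-proxy logs for downloads
// of the compromised npm tarball versions named in the advisory.
const COMPROMISED_VERSIONS = new Set([
  "strip-ansi@7.1.1",
  "ansi-regex@6.2.1",
  "ansi-styles@6.2.2",
  "debug@4.4.2",
  "error-ex@1.3.3",
]);

// Publication window stated in the article (Sept 8, 2025, 13:16 to 15:20 UTC).
const WINDOW_START = Date.parse("2025-09-08T13:16:00Z");
const WINDOW_END = Date.parse("2025-09-08T15:20:00Z");

// Registry tarball URLs: /<name>/-/<name>-<version>.tgz, scoped: /@scope/<name>/-/<name>-<version>.tgz.
// Group 1 is the full package name (scope included), group 2 the version.
const TARBALL_RE =
  /registry\.npmjs\.org\/((?:@[^/]+\/)?[^/]+)\/-\/[^/]+-(\d+\.\d+\.\d+(?:[-+][^/\s]*)?)\.tgz/;

// Assumed line layout: "<timestamp> <client-ip> <hostname> <method> <url> <status>".
// Returns null for lines that are not tarball downloads (metadata fetches, other hosts).
function parseTarballDownload(line) {
  const m = TARBALL_RE.exec(line);
  if (!m) return null;
  const [timestamp, clientIp, host] = line.trim().split(/\s+/);
  return { timestamp, clientIp, host, pkg: m[1], version: m[2] };
}

function inCompromiseWindow(timestamp) {
  const t = Date.parse(timestamp);
  return !Number.isNaN(t) && t >= WINDOW_START && t <= WINDOW_END;
}

// Returns one record per download of a compromised version.
function hunt(lines) {
  const hits = [];
  for (const line of lines) {
    const dl = parseTarballDownload(line);
    if (dl && COMPROMISED_VERSIONS.has(`${dl.pkg}@${dl.version}`)) {
      hits.push({ ...dl, inWindow: inCompromiseWindow(dl.timestamp) });
    }
  }
  return hits;
}

// Groups hits by host so each machine that pulled a bad version gets one triage entry.
function hostsToTriage(hits) {
  const byHost = new Map();
  for (const h of hits) {
    if (!byHost.has(h.host)) byHost.set(h.host, []);
    byHost.get(h.host).push(`${h.pkg}@${h.version}`);
  }
  return byHost;
}

// Constructed sample log lines (not real telemetry). Line 2 is a metadata fetch,
// line 4 a download of a version that is not on the list, line 5 a scoped package.
const SAMPLE_PROXY_LOG = [
  "2025-09-08T13:52:10Z 10.20.0.15 ci-runner-01 GET https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.1.tgz 200",
  "2025-09-08T13:52:11Z 10.20.0.15 ci-runner-01 GET https://registry.npmjs.org/strip-ansi 200",
  "2025-09-08T14:03:44Z 10.20.0.42 dev-laptop-07 GET https://registry.npmjs.org/debug/-/debug-4.4.2.tgz 200",
  "2025-09-08T16:11:02Z 10.20.0.42 dev-laptop-07 GET https://registry.npmjs.org/debug/-/debug-4.4.1.tgz 200",
  "2025-09-08T14:05:00Z 10.20.0.77 ci-runner-02 GET https://registry.npmjs.org/@example/scoped-pkg/-/scoped-pkg-1.0.0.tgz 200",
];

for (const [host, pkgs] of hostsToTriage(hunt(SAMPLE_PROXY_LOG))) {
  console.log(`${host}: ${pkgs.join(", ")}`);
}
```

Matching on the tarball URL rather than the bare package name is what keeps the noise down: a metadata request for strip-ansi or a download of an unaffected version produces no hit, so every record returned is a host that actually fetched a compromised build and needs the follow-up checks listed below.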
Action Items:
- Confirm whether the packages were included in builds.
- Investigate if developers or CI/CD agents pulled the versions.
- Hunt for subsequent execution of malicious JavaScript payloads.
This case demonstrates the importance of monitoring both package downloads and runtime behaviors.
SOC Observations:
When the above detections were validated in Microsoft Defender for Endpoint (MDE):
- DeviceNetworkEvents showed connections to registry.npmjs.org, but there were no DeviceFileEvents confirming persistence of the malicious packages.
- The impacted host was identified as a Git-runner, which installs dependencies during builds and then deletes them, explaining the absence of file artifacts.
- Analysts observed some npm install --ignore-scripts activity, but it occurred prior to the compromise and did not include vulnerable versions.
Key takeaway: In CI/CD and build environments, malicious dependencies may not leave behind file traces. Defenders should focus on network telemetry, installation logs, and package resolution events when hunting for supply chain compromises.
Recommendations
Recommendations for mitigation and prevention include:
- Upgrade Immediately: Update to the latest safe versions released after the compromise.
- Audit Pipelines: Ensure builds during the compromise window are redeployed with clean dependencies.
- Enable 2FA: Maintainers should enforce strong MFA to prevent phishing-based account takeovers.
- Pin Dependencies: Use exact version pinning in lockfiles.
- Generate and Monitor SBOMs: Helps quickly identify impacted builds.
- Use Trusted Registries: Mirror or proxy registries with malware scanning.
Conclusion
The NPM compromise of September 2025 is a reminder of the fragility of modern software supply chains. Even a short-lived attack can ripple across thousands of organizations. By auditing dependencies, monitoring builds, and strengthening package security practices, developers and enterprises can reduce risk. But vigilance is key: supply chain attacks will remain one of the most dangerous vectors in software security.