At least one node-ipc npm package user
May 14, 2026
[supply chain attack, malicious package, credential theft]
Attackers abused a dormant node-ipc npm maintainer account, likely after re-registering an expired maintainer email domain, and published malicious node-ipc versions 9.1.6, 9.2.3, and 12.0.1 on May 14, 2026. The packages contained an obfuscated credential-stealing payload that harvested developer and CI/CD secrets and exfiltrated them through DNS TXT queries.