Comments (183)

  • postalcoder
    PSA: npm/bun/pnpm/uv now all support setting a minimum release age for packages.

    I also have `ignore-scripts=true` in my ~/.npmrc. Based on the analysis, that alone would have mitigated the vulnerability. bun and pnpm do not execute lifecycle scripts by default.

    Here's how to set global configs to set min release age to 7 days:

    ~/.config/uv/uv.toml

        exclude-newer = "7 days"

    ~/.npmrc

        min-release-age=7 # days
        ignore-scripts=true

    ~/Library/Preferences/pnpm/rc

        minimum-release-age=10080 # minutes

    ~/.bunfig.toml

        [install]
        minimumReleaseAge = 604800 # seconds

    (Side note, it's wild that npm, bun, and pnpm have all decided to use different time units for this configuration.)

    If you're developing with LLM agents, you should also update your AGENTS.md/CLAUDE.md file with some guidance on how to handle failures stemming from this config as they will cause the agent to unproductively spin its wheels.
  • h4ch1
    I can't even imagine the scale of the impact with Axios being compromised, nearly every other project uses it for some reason instead of fetch (I never understood why).

    Also from the report:

    > Neither malicious version contains a single line of malicious code inside axios itself. Instead, both inject a fake dependency, plain-crypto-js@4.2.1, a package that is never imported anywhere in the axios source, whose only purpose is to run a postinstall script that deploys a cross-platform remote access trojan (RAT)

    Good news for pnpm/bun users who have to manually approve postinstall scripts.
  • majorbugger
    Good morning, or as they say in the NPM world, which package got compromised today?
  • nananana9
    Package managers are a failed experiment.

    We have libraries like SQLite, which is a single .c file that you drag into your project and it immediately does a ton of incredibly useful, non-trivial work for you, while barely increasing your executable's size.

    The issue is not dependencies themselves, it's transitive ones. Nobody installs left-pad or is-even-number directly, and "libraries" like these are the vast majority of the attack surface. If you get rid of transitive dependencies, you get rid of the need of a package manager, as installing a package becomes unzipping a few files into a vendor/ folder.

    There's so many C libraries like this. Off the top of my head, SQLite, FreeType, OpenSSL, libcurl, libpng/jpeg, stb everything, zlib, lua, SDL, GLFW... I do game development so I'm most familiar with the ones commonly used in game engines, but I'm sure other fields have similarly high quality C libraries.

    They also have bindings for every language under the sun. Rust libraries are very rarely used outside of Rust, and C#/Java/JS/Python libraries are never used outside their respective language (aside from Java ones in other JVM langs).
  • himata4113
    I recommend everyone to use bwrap if you're on Linux and alias all package managers / anything that has post build logic with it.

    I have bwrap configured to override: npm, pip, cargo, mvn, gradle, everything you can think of and I only give it the access it needs, strip anything that is useless to it anyway, deny dbus, sockets, everything. SSH is forwarded via socket (ssh-add).

    This limits the blast radius to your CWD and package manager caches and often won't even work since the malware usually expects some things to be available which are not in a permissionless sandbox.

    You can think of it as running a docker container, but without the requirement of having to have an image. It is the same thing flatpak is based on.

    As for server deployments, container hardening is your friend. Most supply chain attacks target build scripts so as long as you treat your CI/CD as an untrusted environment you should be good - there's quite a few resources on this so won't go into detail.

    Bonus points: use the same sandbox for AI.

    Stay safe out there.
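
One way to wrap npm in bwrap along the lines of the comment above, as an added example (not himata4113's configuration). It assumes a merged-/usr Linux layout, npm installed under /usr/bin and npm's default cache in ~/.npm; the function name `sandboxed_npm` and the `BWRAP` override are hypothetical, and the network stays shared because npm needs to reach the registry.

```shell
# Added example, not from the thread. Assumptions: merged-/usr Linux, npm under
# /usr/bin, cache in ~/.npm. Set BWRAP=echo to print the command instead of
# running it.
sandboxed_npm() {
  # Only ever expose a project directory below $HOME, never $HOME or / itself.
  case "$PWD" in
    "$HOME"/*) ;;
    *) echo "refusing: run from a project directory under \$HOME" >&2
       return 1 ;;
  esac
  cache="$HOME/.npm"
  mkdir -p "$cache"
  # Build the bwrap argument list; the caller's npm arguments go last.
  set -- \
    --unshare-all --share-net \
    --die-with-parent --new-session \
    --clearenv \
    --setenv HOME "$HOME" --setenv PATH /usr/bin:/bin \
    --ro-bind /usr /usr \
    --symlink usr/bin /bin --symlink usr/lib /lib --symlink usr/lib64 /lib64 \
    --ro-bind /etc/resolv.conf /etc/resolv.conf \
    --proc /proc --dev /dev --tmpfs /tmp \
    --tmpfs "$HOME" \
    --bind "$cache" "$cache" \
    --bind "$PWD" "$PWD" --chdir "$PWD" \
    npm "$@"
  # --clearenv drops tokens and SSH_AUTH_SOCK from the environment; the tmpfs
  # over $HOME hides ~/.ssh, ~/.aws and browser profiles. Only the npm cache
  # and the current project are writable inside the sandbox.
  "${BWRAP:-bwrap}" "$@"
}
```

With this in a shell profile, `alias npm=sandboxed_npm` routes every install through the sandbox.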
  • vsgherzi
    Not to beat a dead horse but I see this again and again with dependencies. Each time I get more worried that the same will happen with rust. I understand the fat std library approach won’t work but I really still want a good solution where I can trust packages to be safe and high quality.
  • strogonoff
    Essential steps to minimise your exposure to NPM supply chain attacks:

    — Run Yarn in zero-installs mode (or equivalent for your package manager). Every new or changed dependency gets checked in.

    — Disable post-install scripts. If you don’t, at least make sure your package manager prompts for scripts during install, in which case you stop and look at what it’s going to run.

    — If third-party code runs in development, including post-install scripts, try your best to make sure it happens in a VM/container.

    — Vet every package you add. Popularity is a plus, recent commit time is a minus: if you have this but not that, keep your eyes peeled. Skim through the code on NPM (they will probably never stop labelling it as “beta”), commit history and changelog.

    — Vet its dependency tree. Dependencies are a vector for attack on you and your users, and any new developer in the tree is another person you’re trusting to not be malicious and to take all of the above measures, too.
  • wps
    Genuinely how are you supposed to make sure that none of the software you have on your system pulls this in?

    It’s things like this that make me want to swap to Qubes permanently, simply as to not have my password manager in the same context as compiling software ever.
  • zar1048576
    In case it helps, we open-sourced a tool to audit dependencies for this kind of supply-chain issue. The motivation was that there is a real gap between classic “known vulnerability” scanning and packages whose behavior has simply turned suspicious or malicious. We also use AI to analyze code and dependency changes for more novel or generic malicious behavior that traditional scanners often miss.

    Project: https://point-wild.github.io/who-touched-my-packages/
  • tkel
    JS package managers (pnpm, bun) now will ignore postinstall scripts by default. Except for npm, it still runs them for legacy reasons.

    You should probably set your default to not run those scripts. They are mostly unnecessary.

    ~/.npmrc :

        ignore-scripts=true

    83M weekly downloads!
  • jadar
    How much do you want to bet me that the credential was stolen during the previous LiteLLM incident? At what point are we going to have to stop using these package managers because it's not secure? I've got to admit, it's got me nervous to use Python or Node.js these days, but it's really a universal problem.
  • woeirua
    Supply chain attacks are so scary that I think most companies are going to use agents to hard fork their own versions of a lot of these core libraries instead. It wasn’t practical before. It’s definitely much more doable today.
  • mcintyre1994
    The frustrating thing here is that axios versions display on npmjs with verified provenance. But they don’t use trusted publishing: https://github.com/axios/axios/issues/7055 - meaning the publish token can be stolen.

    I wrongly thought that the verified provenance UI showed a package has a trusted publishing pipeline, but seems it’s orthogonal.

    NPM really needs to move away from these secrets that can be stolen.
  • Hackbraten
    I am now migrating all my unencrypted secrets on my machines to encrypted ones. If a tool supports scripted credential providers (e.g. aws-cli or Ansible), I use that feature. Otherwise, I wrap the executable with a script that runs gpg --decrypt and injects an environment variable.

    That way, I can at least limit the blast radius when (not if) I catch an infostealer.
  • sgt
    Is this an issue for those only using axios on the frontend side like in a VueJS app?
  • jmward01
    This may not be popular, but is there a place for required human actions or just timed actions to slow down things like this? For instance, maybe a GH action to deploy requires a final human click and to change that to cli has a 3 day cooling period with mandatory security emails sent out. Similarly, you switch to read only for 6 hrs after an email change. There are holes in these ideas but the basic concept is to treat security more like physical security, your goal isn't always to 100% block but instead to slow an attacker for xxx minutes to give the rest of the team time to figure out what is going on.
  • raphinou
    I'm working on a multi signature solution that helps to detect unauthorized releases in the case of an account hijack. It is open source, self hostable, accountless and I am looking for feedback!

    Website: https://asfaload.com/

    GitHub: https://github.com/asfaload/asfaload

    Spec: https://github.com/asfaload/spec
  • OlivOnTech
    The attacker went through the hassle to compromise a very widely used package, but used a non-standard port (8000) on their C2... If you plan to do something like that, use 443 at least, many corporate networks do not filter this one ;)
  • wolvesechoes
    I am glad I don't need to touch JS or web dev at all.

    Now, I tend to use Python, Rust and Julia. With Python I am constantly using the same few packages like numpy and matplotlib. With Rust and Julia, I try as much as possible to not use any packages at all, because it always scares me when something that should be pretty simple downloads half of the Internet to my PC.

    Julia is even worse than Rust in that regard - for even rudimentary stuff like static arrays or properly namespaced enums people download 3rd party packages.
  • lepuski
    I believe compartmentalized operating systems like Qubes are the future for defending against these kinds of attacks.

    Storing your sensitive data on a single bare-metal OS that constantly downloads and runs packages from unknown maintainers is like handing your house key out to a million people and hoping none of them misuse it.
  • yoyohello13
    This is just going to get worse and worse as agentic coding gets better. I think having a big dependency tree may be a thing of the past in the coming years. Seems like eventually new malware will be coming out so fast it will basically be impossible to stop.
  • riteshkew1001
    Ran npm ci --ignore-scripts in our CI for months but never thought about local dev. Turns out that's the gap, your CI is safe but your laptop runs postinstall on every npm install.

    The anti-forensics here are much more complicated than I had imagined. Sharing after getting my hands burned.

    After the RAT deploys, setup.js deletes itself and swaps package.json with a clean stub. Your node_modules looks fine. Only way to know is checking for artifacts: /Library/Caches/com.apple.act.mond on mac, %PROGRAMDATA%\wt.exe on windows, /tmp/ld.py on linux. Or grep network logs for sfrclak.com.

    Somehow nobody is worried about how agentic coding tools run npm install autonomously. No human in the loop to notice a weird new transitive dep. That attack surface is just getting worsened day by day.
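
The checks this comment lists, gathered into one script as an added example (not code from the commenter or the axios project). The indicators are the ones quoted in this thread; the function name `ioc_scan`, its arguments and its output format are assumptions for illustration, and the optional filesystem root lets the same check run against a mounted disk image.

```shell
# Added example. Indicators below are those quoted in the thread.
BAD_DEP='plain-crypto-js'
C2_DOMAIN='sfrclak.com'
# macOS and Linux drop paths; on Windows check %PROGRAMDATA%\wt.exe separately.
ARTIFACTS='/Library/Caches/com.apple.act.mond /tmp/ld.py'

# ioc_scan PROJECT_DIR [FS_ROOT] [LOG_FILE...]
# Prints one "KIND<TAB>PATH" line per hit; returns 1 if anything was found.
ioc_scan() {
  proj=${1:-.}
  root=${2:-}
  if [ $# -ge 2 ]; then shift 2; else shift $#; fi
  hits=$(
    # 1. Lockfiles that still record the injected dependency.
    find "$proj" -type f \( -name package-lock.json -o -name .package-lock.json \
        -o -name yarn.lock -o -name pnpm-lock.yaml -o -name bun.lock \) \
        -exec grep -lF -- "$BAD_DEP" {} + 2>/dev/null |
      while IFS= read -r f; do printf 'lockfile\t%s\n' "$f"; done
    # 2. The package directory itself. Its package.json may have been swapped
    #    for a clean stub, so test for the directory, not its contents.
    find "$proj" -type d -path "*/node_modules/$BAD_DEP" 2>/dev/null |
      while IFS= read -r d; do printf 'installed\t%s\n' "$d"; done
    # 3. Dropped payloads on the host (or under a mounted image at FS_ROOT).
    for a in $ARTIFACTS; do
      [ -e "$root$a" ] && printf 'artifact\t%s\n' "$root$a"
    done
    # 4. DNS or proxy logs that mention the C2 domain.
    for log in "$@"; do
      grep -qF -- "$C2_DOMAIN" "$log" 2>/dev/null && printf 'c2-log\t%s\n' "$log"
    done
    true
  )
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}
```

A typical call is `ioc_scan ~/src "" /var/log/dnsmasq.log`; a clean lockfile alone is not proof of a clean host, which is why the artifact and log checks run regardless.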
  • acheong08
    There are so many scanners these days these things get caught pretty quick. I think we need either npm or someone else to have a registry that only lets through packages that pass these scanners. Can even do the virustotal thing of aggregating reports by multiple scanners. NPM publishes attestation for trusted build environments. Google has oss-rebuild.

    All it takes is an `npm config set` to switch registries anyways. The hard part is having a central party that is able to convince all the various security companies to collaborate rather than having dozens of different registries each from each company.

    Rather than just a hard-coded delay, I think having policies on what checks must pass first makes sense with overrides for when CVEs show up.

    (WIP)
  • aizk
    In light of these nonstop supply chain attacks: Tonight I created /supply-chain-audit -- A simple claude code skill that fetches info on the latest major package vulnerability, then scans your entire ~/ and gives you a report on all your projects.

    https://github.com/IsaacGemal/claude-skills

    It's a bit janky right now but I'd be interested to hear what people think about it.
  • neya
    I wonder if this has any connection with the recent string of attacks including the FBI director getting hacked. The attack surface is large, executed extremely cleanly - almost as if done by a high profile state sponsored actor, just like in Hollywood movies.
  • hyperadvanced
    Just sanity checking - if I only ever install axios in a container that has no secrets mounted in to its env, is there any real way I can get pwned by this kind of thing?
  • bluepeter
    Min release age sucks, but we’ve been here before. Email attachments used to just run wild too, then everyone added quarantine delays and file blocking and other frictions... and it eventually kinda/sorta worked. This does feel worse, though, with fewer chokepoints and execution as a natural part of the expectation.

    Edit: bottom line is installs are gonna get SOOO much more complicated. You can already see the solution surface... Cooling periods, maintainer profiling, sandbox detonation, lockfile diffing, weird publish path checks. All adds up to one giant PITA for fast easy dev.
  • Surac
    All these supply chain attacks make me nervous about the apps I use. It would be valuable info if an app used such dependencies, but on the other hand, programmers would cut their sales if they gave you this info.
  • pjmlp
    The amount of people still using this instead of fetch. Nonetheless, if it wasn't axios, it would be something else.

    This is why corporations doing it right don't allow installing the Internet into dev machines.

    Yet everyone gets to throw their joke about PC virus, while having learnt nothing from it.
  • charcircuit
    Hopefully desktop Linux users will start to understand that malware actually does exist for Linux and that their operating system is doing nothing to protect them from getting RATed.
  • dhruv3006
    174025 dependents.
  • mtud
    Supply chain woes continue
  • ksk23
    One paragraph is written two times??
  • koolba
    > Both versions were published using the compromised npm credentials of a lead axios maintainer, bypassing the project's normal GitHub Actions CI/CD pipeline.

    Doesn’t npm mandate 2FA as of some time last year? How was that bypassed?
  • Kinrany
    Running almost anything via npx will trigger this
  • leventhan
    PSA: Make sure to set a minimum release age and pin versions where possible.
  • neya
    The NPM ecosystem is a joke. I don't even want anything to do with it, because my stack is fully Elixir. But, just because of this one dependency that is used in some interfaces within my codebase, I need to go back to all my apps and fix it. Sigh.

    JavaScript, its entire ecosystem is just a pack of cards, I swear. What a fucking joke.
  • 0x500x79
    Pin your dependencies folks! Audit and don't upgrade to every brand new version.
  • rtpg
    Please can we just have a 2FA step on publishing? Do we really need a release to be entirely and fully automated?

    It won't stop all attacks but definitely would stop some of these
  • aa-jv
    I have a few projects which rely on npm (and react) and every few months I have to revisit them to do an update and make sure they still build, and I am basically done with npm and the entire ecosystem at this point.

    Sure, it's convenient to have so much code to use for basic functionality - but the technical debt of having to maintain these projects is just too damn high.

    At this point I think that, if I am forced to use javascript or node for a project, I reconsider involvement in that project. Its ecosystem is just so bonkers I can't justify the effort much longer.

    There has to be some kind of "code-review-as-a-service" that can be turned on here to catch these things. It's just so unproductive, every single time.
  • 8cvor6j844qw_d6
    Should increase the delay to dependency updates.
  • shevy-java
    NPM gets worse than russian roulette. Perhaps we have to rename russian roulette to node roulette: noulette.
  • tonymet
    Has anyone tested general purpose malware detection on supply chains? Like clamscan. I tried to test the LiteLLM hack but the affected packages had been pulled. Windows Defender AV has an inference based detector that may work when signatures have not yet been published
  • 0x1ceb00da
    Coded has zero nom dependencies. Neat!
  • pasanhk
    Lmao
  • slopinthebag
    It's reasons like this why I refuse to download Node or use anything NPM. Thankfully other languages are better anyways.