npm Chalk and Debug Packages Hit in Software Supply Chain Attack

By Sonatype Security Research Team

7 minute read time


The recent compromise of widely used npm packages chalk, debug, and more than a dozen others reveals that even the most trusted open source projects are not immune to compromise.

Collectively, these packages see more than 2 billion downloads every week, amplifying the far-reaching consequences of this attack.

When adversaries successfully take over one of these critical distribution points, they can instantly embed malicious code into many systems downstream. These incidents are not fringe events but global in scope, revealing the fragility of modern software supply chains.

By infiltrating trusted open source projects, attackers gain a powerful foothold in the world's software infrastructure. Our role — and responsibility — is to help organizations recognize the reality that open source developers are the new frontline of cyberattacks, prepare for it, and adopt the practices and tools necessary to defend against it.

Sonatype Security Research is continuing to uncover additional packages impacted by this hijack campaign, including duckdb which sees nearly 150,000 downloads per week. The full list is included at the bottom of this blog post and will be updated as additional impacted packages are identified. Sonatype is tracking these incidents as sonatype-2025-003716 and sonatype-2025-003727. If you believe you have been impacted, visit our Guide to Removing Malware.


Anatomy of the Attack

The attack began when a threat actor successfully gained control of a developer's npm account, enabling them to publish malicious versions of widely used packages.

Once the attacker had publishing access, they inserted a malicious payload designed specifically for cryptocurrency theft, putting downstream applications and their users at immediate risk.

In summary, the core details of the compromise include:

  • Packages affected: Chalk, debug, and more than 16 others

  • Attack vector: Account takeover of a single developer

  • Payload intent: Theft of cryptocurrency and potentially other secrets

While the full timeline of events is still being assembled, early reporting indicates the compromised packages were active in the registry for a period before being detected and removed.

Additional npm Packages Hijacked

Sonatype Security Research uncovered four additional packages, published by a separate maintainer, that also appear to be hijacked by the same threat actor:

  • proto-tinker-wc : 0.1.87

  • prebid-universal-creative : 1.17.3

  • prebid : 10.9.1

  • prebid.js : 10.9.2

Each of these packages likewise had new versions published to npm this morning, containing a backdoor identical to the one in the previously reported packages, tracked as sonatype-2025-003716.

The Bigger Picture: A New Playbook

This takeover follows a pattern that is now an established part of sophisticated threat actors' methods: by taking over popular open source packages, adversaries can steal secrets, leave behind backdoors, and infiltrate organizations. We have seen this strategy become a key tool for advanced persistent threats (APTs), most recently the Lazarus Group.

Targeting the developer of these packages was no coincidence. APTs know they can reach a large share of the world's developers by infiltrating a single under-resourced project.

By hitting the right maintainer with the right socially engineered message, attackers can reach millions of developers.

The Impact on the Ecosystem

The affected npm packages collectively receive more than 2 billion downloads every week.

Such extensive reach ensures the impact extends far beyond a few isolated projects, creating a ripple effect that influences the entire software ecosystem.

The risks introduced by this compromise transcend the immediate theft of cryptocurrency. Once malicious code is embedded into trusted packages, attackers gain powerful avenues for deeper exploitation:

  • Theft of secrets: API keys, tokens, and sensitive credentials can be harvested.

  • Persistent backdoors: Malicious actors may establish footholds for future attacks, long after the initial compromise.

  • Broader infiltration: Compromised packages can serve as launchpads for adversaries to move laterally within organizations.

For security and development teams, the most pressing step is to review their software bills of materials (SBOMs) immediately. By examining SBOMs against the known compromised versions, organizations can quickly identify if they are at risk. Any system found to include these packages should be treated as potentially compromised and remediated accordingly.

Lessons Learned

This incident highlights important lessons for both developers who publish packages and enterprises that consume them.

For developers, the key takeaways include:

  • Recognize that maintainers are high-value targets. Attackers are increasingly zeroing in on popular but under-resourced projects, knowing that a single compromised account gives them massive reach.

  • Secure publishing credentials. Enabling multi-factor authentication (MFA), rotating tokens regularly, and using secure hardware or password managers are essential steps to protect accounts from takeover.

For enterprises, the lessons extend further downstream:

  • Maintain visibility into dependencies. SBOMs and software composition analysis (SCA) are critical for quickly identifying whether your applications rely on compromised packages.

  • Assume compromise where affected versions are present. Any machine running impacted packages should be treated as potentially breached, with incident response procedures applied accordingly.
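The SBOM review called for above, and the dependency visibility the enterprise lessons describe, come down to one concrete check: does any exact name and version from the impacted list appear in what you ship? The following is an added example, not Sonatype's code or tooling. It assumes the input is either an npm package-lock.json (lockfileVersion 1, 2 or 3) or a CycloneDX JSON SBOM; the version list is copied from the "All Packages Impacted by Hijack" table at the end of this post, and the sample lockfile and SBOM are constructed for the stand-alone run.

```javascript
// Added example (not Sonatype's code): cross-check an npm package-lock.json or
// a CycloneDX JSON SBOM against the exact package versions listed in this post.
// Matching is exact name@version, because the post lists exact versions.

// "name@version" pairs copied from the post's "All Packages Impacted by Hijack"
// list (last updated 10:33 a.m. ET on September 9, 2025).
const COMPROMISED = new Set([
  '@coveops/abi@2.0.1', '@duckdb/duckdb-wasm@1.29.2', '@duckdb/node-api@1.3.3',
  '@duckdb/node-bindings@1.3.3', 'ansi-regex@6.2.1', 'ansi-styles@6.2.2',
  'backslash@0.2.1', 'chalk@5.6.1', 'chalk-template@1.1.1', 'color@5.0.1',
  'color-convert@3.1.1', 'color-name@2.0.1', 'color-string@2.1.1', 'debug@4.4.2',
  'duckdb@1.3.3', 'error-ex@1.3.3', 'has-ansi@6.0.1', 'is-arrayish@0.3.3',
  'prebid@10.9.2', 'prebid-universal-creative@1.17.3', 'prebid.js@10.9.2',
  'proto-tinker-wc@0.1.87', 'simple-swizzle@0.2.3', 'slice-ansi@7.1.1',
  'strip-ansi@7.1.1', 'supports-color@10.2.1', 'supports-hyperlinks@4.1.1',
  'wrap-ansi@9.0.1',
]);

// package-lock.json -> [{name, version, where}].
// lockfileVersion 2/3 carry a flat "packages" map keyed by install path;
// lockfileVersion 1 nests "dependencies" trees, so those are walked recursively.
function componentsFromLockfile(lock) {
  const out = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '' || !meta.version) continue; // '' is the root project
      // The package name is everything after the last "node_modules/" segment
      // (scoped names such as @duckdb/node-api keep their slash).
      const marker = 'node_modules/';
      const name = path.slice(path.lastIndexOf(marker) + marker.length);
      out.push({ name, version: meta.version, where: path });
    }
    return out;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${prefix}node_modules/${name}`;
      out.push({ name, version: meta.version, where });
      walk(meta.dependencies, `${where}/`);
    }
  };
  walk(lock.dependencies, '');
  return out;
}

// CycloneDX JSON -> [{name, version, where}]. npm SBOM generators split scoped
// packages into group ("@duckdb") and name ("node-api"); nested components are
// permitted by the spec, so they are walked as well.
function componentsFromCycloneDx(bom) {
  const out = [];
  const walk = (components) => {
    for (const c of components || []) {
      const name = c.group ? `${c.group}/${c.name}` : c.name;
      out.push({ name, version: c.version, where: c.purl || c['bom-ref'] || name });
      walk(c.components);
    }
  };
  walk(bom.components);
  return out;
}

// Return only the components whose exact name@version is on the list.
function findCompromised(components, table = COMPROMISED) {
  return components.filter((c) => table.has(`${c.name}@${c.version}`));
}

// Constructed sample inputs (not real project data) for a stand-alone run.
const SAMPLE_LOCK = {
  name: 'example-app', lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/chalk': { version: '5.6.1' },            // listed
    'node_modules/debug': { version: '4.4.1' },            // older, not listed
    'node_modules/@duckdb/node-api': { version: '1.3.3' }, // listed, scoped
    'node_modules/foo/node_modules/strip-ansi': { version: '7.1.1' }, // nested copy
  },
};
const SAMPLE_BOM = {
  bomFormat: 'CycloneDX', specVersion: '1.5',
  components: [
    { type: 'library', group: '@duckdb', name: 'duckdb-wasm', version: '1.29.2',
      purl: 'pkg:npm/%40duckdb/duckdb-wasm@1.29.2' },
    { type: 'library', name: 'color', version: '4.2.3' }, // not listed
  ],
};

// Usage: node check-lock.js <package-lock.json | bom.json>
// Exits 1 when any listed version is present, so it can gate a CI job.
if (typeof require !== 'undefined' && require.main === module && process.argv[2]) {
  const doc = JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'));
  const comps = doc.bomFormat === 'CycloneDX' ? componentsFromCycloneDx(doc) : componentsFromLockfile(doc);
  const hits = findCompromised(comps);
  for (const h of hits) console.log(`COMPROMISED ${h.name}@${h.version} (${h.where})`);
  process.exit(hits.length ? 1 : 0);
} else {
  console.log(findCompromised(componentsFromLockfile(SAMPLE_LOCK)));
  console.log(findCompromised(componentsFromCycloneDx(SAMPLE_BOM)));
}
```

The check deliberately reports the install path of every hit, because a compromised version pulled in transitively (the nested strip-ansi copy in the sample) is just as much a reason to treat the host as potentially breached as a direct dependency, and the path tells you which parent to pin or replace.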

How Sonatype Protects Against These Attacks

When this compromise came to light, the Sonatype Security Research team immediately began analyzing the malicious packages to understand how they worked and the risks they posed.

By breaking down both the obfuscated and deobfuscated code, our researchers confirmed the payload's focus on cryptocurrency theft and validated that the attack followed a familiar pattern: adversaries leveraging the trust of widely used open source projects to gain large-scale access.

Visibility is the cornerstone of resilience in the software supply chain. Organizations need to know exactly which components are used across their applications to respond quickly when a compromise occurs. Practices like SBOM management and SCA provide that visibility, enabling teams to immediately determine whether they have been affected when incidents like this arise. By combining deep security research with long-term supply chain visibility, Sonatype helps organizations stay ahead of adversaries who increasingly treat open source ecosystems as prime targets.

This Is Not The Last Package Takeover

Software supply chain attacks like this one are no longer rare anomalies — they have become a standard tactic for sophisticated adversaries. By targeting popular open source maintainers, attackers can reach millions of developers and organizations instantly. This highlights how today's software ecosystem is both interconnected and vulnerable to exploitation.

Yet again we see a pressing need for improved supply chain security measures and greater vigilance in monitoring the third-party software registries that developers rely on. Organizations must prioritize security at every stage of the development process to mitigate the risks associated with third-party dependencies.

Sonatype Repository Firewall and Sonatype Lifecycle stay on top of nascent attacks and vulnerabilities and provide you with detailed insights to prevent previously undetected malware and vulnerable components from reaching your builds. Check out the Guide to Removing Malware if you believe you have been impacted.

All Packages Impacted by Hijack

Last updated 10:33 a.m. ET on September 9, 2025

  • @coveops/abi : 2.0.1
  • @duckdb/duckdb-wasm : 1.29.2
  • @duckdb/node-api : 1.3.3
  • @duckdb/node-bindings : 1.3.3
  • ansi-regex : 6.2.1
  • ansi-styles : 6.2.2
  • backslash : 0.2.1
  • chalk : 5.6.1
  • chalk-template : 1.1.1
  • color : 5.0.1
  • color-convert : 3.1.1
  • color-name : 2.0.1
  • color-string : 2.1.1
  • debug : 4.4.2
  • duckdb : 1.3.3
  • error-ex : 1.3.3
  • has-ansi : 6.0.1
  • is-arrayish : 0.3.3
  • prebid : 10.9.2
  • prebid-universal-creative : 1.17.3
  • prebid.js : 10.9.2
  • proto-tinker-wc : 0.1.87
  • simple-swizzle : 0.2.3
  • slice-ansi : 7.1.1
  • strip-ansi : 7.1.1
  • supports-color : 10.2.1
  • supports-hyperlinks : 4.1.1
  • wrap-ansi : 9.0.1

Written by Sonatype Security Research Team

Sonatype's Security Research Team is focused on bringing real-time, in-depth intelligence and actionable information about open source and third party vulnerabilities to Sonatype customers.
