top of page
perceptive_background_267k.jpg

20+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...)

Published:

4 december 2025 om 21:46:51

Alert date:

5 december 2025 om 08:03:23

Source:

stepsecurity.io

Click to open the original link from this advisory

Massive supply chain attack targeting NPM packages affects 20+ popular JavaScript libraries including debug, chalk, ansi-styles, color-convert, and strip-ansi. Attack compromised maintainer account to inject malicious code designed to steal cryptocurrency wallets and redirect blockchain transactions. Affected packages are downloaded billions of times weekly, making this a critical supply chain compromise. Malicious code specifically targets cryptocurrency users. Attack demonstrates significant risk to JavaScript ecosystem and cryptocurrency security.

Technical details

Mitigation steps:

Affected products:

NPM
debug
chalk
ansi-styles
color-convert
strip-ansi
wrap-ansi

Related links:

https://www.stepsecurity.io/blog/20-popular-npm-packages-compromised-chalk-debug-strip-ansi-color-convert-wrap-ansi

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page