Popular npm Packages Hacked to Distribute Malware

In recent weeks, a number of open-source developers have fallen victim to phishing attacks. As a result, malware infiltrated packages, some of which receive 30 million downloads per week.

Toptal

At the end of last week, cybersecurity specialists from the company Socket reported the compromise of 10 npm packages belonging to Toptal, a platform that connects freelancers with companies, assisting them in finding developers, designers, and financial experts. Additionally, Toptal maintains its own internal development tools and design systems, such as Picasso, which are available via GitHub and NPM.

According to researchers, on July 20, 2025, attackers hacked GitHub Toptal and almost immediately made all 73 of the company’s repositories public, exposing all private projects and source codes.

After that, the attackers modified the source code of Picasso on GitHub, incorporating malware, and published 10 malicious packages on npm, disguising them as legitimate updates.

Attackers injected malware into package code to steal data, which collected GitHub authentication tokens and then deleted data from victims’ systems. Specifically, hackers inserted malicious code into package.json files to add two functions: data theft (preinstall script) and host cleanup (postinstall script).

By the time the attack was discovered, the infected packages had been downloaded approximately 5,000 times.

The following packages have been subjected to malicious modifications:

• @toptal/picasso-tailwind (3.1.0)
• @toptal/picasso-charts (59.1.4)
• @toptal/picasso-shared (15.1.0)
• @toptal/picasso-provider (5.1.1)
• @toptal/picasso-select (4.2.2)
• @toptal/picasso-quote (2.1.7)
• @toptal/picasso-forms (73.3.2)
• @xene/core (0.4.1)
• @toptal/picasso-utils (3.2.0)
• @toptal/picasso-typography (4.1.4)

Toptal ceased support for the malicious packages on July 23 and reinstated the “clean” versions. However, the company did not make any official announcements or attempt to warn users who had downloaded the malicious versions of the packages about the risks.

Researchers note that it is still unclear how exactly this attack was carried out, and how the compromise and changes in the GitHub repository were connected to the publication of packages in npm.

Other Hacks in Recent Weeks

The attack on Toptal has already become the third incident in the last week and a half related to attacks on open-source supply chains.

On July 19, it became known about the hacking of several popular JavaScript libraries, whose developers were affected by targeted phishing and credential theft.

During one attack, the npm package eslint-config-prettier, which has over 30 million downloads per week, was compromised. Its maintainer JounQin confirmed that he became a victim of a phishing attack after receiving an email from support@npmjs.com. The link in this message led to the fraudulent npnjs[.]com, which the developer did not notice.

Other packages (eslint-plugin-prettier, synckit, @pkgr/core, and napi-postinstall) by this maintainer were also compromised.

As a result, the compromise affected:

• eslint-config-prettier (8.10.1, 9.1.1, 10.1.6, 10.1.7)
• eslint-plugin-prettier (4.2.2,  4.2.3)
• synckit (0.11.9)
• @pkgr/core (0.2.8)
• napi-postinstall (0.3.1)
• got-fetch (5.1.11, 5.1.12)

In this case, the attackers used stolen credentials to publish several versions of packages containing malicious code aimed at infecting machines running Windows.

In the malicious versions of the packages, the script install.js was configured to execute immediately after installation. It contained a suspicious function, logDiskSpace(), which, contrary to its name, attempted to execute node-gyp.dll, included in the package, via the system process rundll32. As a result, the Scavanger stealer infiltrated the victims’ systems.

According to the scan on VirusTotal, this DLL is recognized as a trojan.

“The maintainer confirmed that their npm token was compromised through a phishing email, supposedly from npnjs[.]com. The attackers used the stolen credentials to publish malicious versions of several packages without affecting the repositories on GitHub, making the attack harder to detect,” explained Socket analysts.

Since Prettier and ESLint are used in thousands of projects, researchers warned that the consequences of this compromise could be devastating, as the malware injected into the packages is quite difficult to remove.

Shortly after this attack, developer Jordan Harband warned that the popular package “is,” which is downloaded more than 2.8 million times a week, was also compromised. Versions 3.3.1-5.0.0 contained malware and were removed approximately six hours after being published on npm.

The is package is a lightweight JavaScript library that offers a wide range of functions for type checking and value validation. The library is actively used as a low-level dependency in development tools, testing libraries, build systems, as well as in backend and CLI projects.

In this case, the hack was also the result of a successful phishing attack using the aforementioned domain npnjs[.]com. The maintainer’s credentials were similarly stolen, and then modified and malicious versions of the package were published.

A cross-platform JavaScript malware loader was embedded in the code, which opened a WebSocket-based backdoor in the affected systems, enabling remote execution of arbitrary code.

“After activation, the malware accesses the os module in Node.js to gather the hostname, operating system and processor details, and extracts all environment variables from process.env,” explained Socket specialists. “It then dynamically imports the ws library to transmit this data via a WebSocket connection. Each message received through the socket is interpreted as executable JavaScript code, effectively providing the attacker with an instant interactive remote shell.”

Developers working with any of the aforementioned compromised packages are now advised to ensure that none of the malicious versions are installed or used in their products.