Another attack targeting the NPM supply chain occurs as @ctrl/tinycolor releases a malicious version

Chaincatcher, 2025/09/16 01:35

ChainCatcher news: Scam Sniffer has detected another attack targeting the NPM supply chain. A malicious version of @ctrl/tinycolor (a package with a weekly download volume of 2.2 million) was released. It runs an information-stealing program when the npm postinstall script executes, scanning for and stealing sensitive data.

The malicious payload abuses TruffleHog, a legitimate tool for scanning for sensitive information. Check whether you have downloaded the affected version, suspend installation and update operations, and lock the version to a known safe one.
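One way to carry out the "check if you have downloaded the affected version" step against a project's `package-lock.json`, as an added example that is not from the original article or from Scam Sniffer. The function name, the sample lockfile and the `0.0.0-PLACEHOLDER` version are assumptions; the article does not list the affected versions, so take them from the advisory you are following.

```javascript
// Added example. Versions to flag: the page does not list the affected
// versions, so this is a placeholder to fill from the advisory you follow.
const KNOWN_BAD = new Set(["0.0.0-PLACEHOLDER"]);

// Return every installed copy of `name` recorded in a parsed package-lock.json.
function findInstalled(lock, name, knownBad = KNOWN_BAD) {
  const hits = [];
  const record = (where, entry) => hits.push({
    where,
    version: entry.version,
    // Lockfile v2/v3 sets hasInstallScript when the package declares a
    // preinstall, install or postinstall script (the hook named above).
    hasInstallScript: entry.hasInstallScript === true,
    flagged: knownBad.has(entry.version),
  });
  // Lockfile v2/v3: flat map keyed by install path, nested copies included.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      record(path, entry);
    }
  }
  // Lockfile v1: recursive "dependencies" tree. Walked only when "packages"
  // is absent, because v2 files carry both and would be counted twice.
  const walk = (deps, prefix) => {
    for (const [dep, entry] of Object.entries(deps || {})) {
      const where = `${prefix}node_modules/${dep}`;
      if (dep === name) record(where, entry);
      walk(entry.dependencies, `${where}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (all names and versions except the package
// under audit are made up); replace with JSON.parse of your own file.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@ctrl/tinycolor": { version: "0.0.0-PLACEHOLDER", hasInstallScript: true },
    "node_modules/ui-kit/node_modules/@ctrl/tinycolor": { version: "1.2.3" },
    "node_modules/some-other-package": { version: "1.0.0" },
  },
};

for (const hit of findInstalled(SAMPLE_LOCK, "@ctrl/tinycolor")) {
  console.log(JSON.stringify(hit));
}
```

Nested copies matter here: a transitive dependency can pull in its own copy of the package at a different version than the top-level one, so every hit needs checking, not just the first.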
