BEAMSTART Logo

HomeNews

Destructive malware available in NPM repo went unnoticed for 2 years

Ars Technica LogoArs Technica12h ago

Destructive malware available in NPM repo went unnoticed for 2 years - Ars Technica

Quick Summary:

Payloads were set to spontaneously detonate on specific dates with no warning.

The packages have been available for download for more than two years and accrued roughly 6,200 downloads over that time.“What makes this campaign particularly concerning is the diversity of attack vectors—from subtle data corruption to aggressive system shutdowns and file deletion,” Pandya wrote.“The packages were designed to target different parts of the JavaScript ecosystem with varied tactics.

Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face.

More Pictures

Destructive malware available in NPM repo went unnoticed for 2 years - Ars Technica (Picture 1)

or

Article Details

Author / Journalist: Dan Goodin

Category: Technology

Markets:

Topics:

Source Website Secure: Yes (HTTPS)

News Sentiment: Negative

Fact Checked: Legitimate

Article Type: News Report

Published On: 2025-05-22 @ 19:15:27 (12 hours ago)

News Timezone: GMT -5:00

News Source URL: arstechnica.com

Language: English

Article Length: 132 words

Reading Time: 1 minutes read

Sentences: 24 lines

Sentence Length: 6 words per sentence (average)

Platforms: Desktop Web, Mobile Web, iOS App, Android App

Copyright Owner: © Ars Technica

News ID: 28915240

View Article Analysis

About Ars Technica

Ars Technica Logo

Main Topics: Technology

Official Website: arstechnica.com

Update Frequency: 18 posts per day

Year Established: 1998

Headquarters: United States

News Last Updated: 9 hours ago

Coverage Areas: United States

Ownership: Independent Company

Publication Timezone: GMT -5:00

Content Availability: Worldwide

News Language: English

RSS Feed: Available (XML)

API Access: Available (JSON, REST)

Website Security: Secure (HTTPS)

Publisher ID: #32

Publisher Details

Frequently Asked Questions

How long will it take to read this news story?

The story "Destructive malware available in NPM repo went unnoticed for 2 years" has 132 words across 24 sentences, which will take approximately 1 - 2 minutes for the average person to read.

Which news outlet covered this story?

The story "Destructive malware available in NPM repo went unnoticed for 2 years" was covered 12 hours ago by Ars Technica, a news publisher based in United States.

How trustworthy is 'Ars Technica' news outlet?

Ars Technica is a fully independent (privately-owned) news outlet established in 1998 that covers mostly technology news.

The outlet is headquartered in United States and publishes an average of 18 news stories per day.

It's most recent story was published 9 hours ago.

What do people currently think of this news story?

The sentiment for this story is currently Negative, indicating that people regard this as "bad news".

How do I report this news for inaccuracy?

You can report an inaccurate news publication to us via our contact page. Please also include the news #ID number and the URL to this story.
  • News ID: #28915240
  • URL: https://gaia.beamstart.com/news/destructive-malware-available-in-npm-1747944617768

BEAMSTART

BEAMSTART is a global entrepreneurship community, serving as a catalyst for innovation and collaboration. With a mission to empower entrepreneurs, we offer exclusive deals with savings totaling over $1,000,000, curated news, events, and a vast investor database. Through our portal, we aim to foster a supportive ecosystem where like-minded individuals can connect and create opportunities for growth and success.

Connect with Us

Discover More

© Copyright 2025 BEAMSTART. All Rights Reserved.