#node-gyp


Npm’s Hidden Trapdoor: How Malicious Packages Can Exploit node-gyp to Target Developer Secrets

Published: 25 June 2026 12:07 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A supply-chain lure inside package install and build steps can turn routine development work into an execution window for credential theft, especially when teams trust native-addon metadata too quickly.

npm’s Quiet Weak Point: When Maintainer Access and Build Hooks Turn a Package into Payload

Published: 04 June 2026 17:08 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A fast-moving package compromise shows how registry identity, lifecycle scripts, and native build files can turn dependency install into an execution path.

When a Build File Turns Into a Delivery Route for npm Poisoning

Published: 04 June 2026 16:31 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A rapid package-chain incident shows how native build plumbing and install-time hooks can turn trusted developer workflows into a supply-chain risk.