6:[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"NewsArticle\",\"headline\":\"Supply-chain attack hits dozens of popular open-source packages\",\"description\":\"Maintainers urge teams to audit dependencies after malicious releases were detected on npm.\",\"datePublished\":\"2026-05-17\",\"dateModified\":\"2026-05-17\",\"author\":{\"@type\":\"Person\",\"name\":\"Muhammad Fareed\"},\"publisher\":{\"@type\":\"Organization\",\"name\":\"IT Question Answer\",\"url\":\"https://www.itquestionanswer.com\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https://www.itquestionanswer.com/itqa-logo.png\"}},\"mainEntityOfPage\":{\"@type\":\"WebPage\",\"@id\":\"https://www.itquestionanswer.com/tech-news/security/supply-chain-attack-open-source-packages\"},\"keywords\":\"security, npm, supply-chain\"}"}}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"BreadcrumbList\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https://www.itquestionanswer.com\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tech News\",\"item\":\"https://www.itquestionanswer.com/tech-news\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security\",\"item\":\"https://www.itquestionanswer.com/tech-news/security\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Supply-chain attack hits dozens of popular open-source packages\",\"item\":\"https://www.itquestionanswer.com/tech-news/security/supply-chain-attack-open-source-packages\"}]}"}}],["$","div",null,{"className":"page_questionPage__SkSDU","children":["$","div",null,{"className":"container","children":["$","div",null,{"className":"page_layout__cnRuN","children":[["$","article",null,{"className":"page_mainContent__pR8Z7","children":[["$","$Ld",null,{"href":"/tech-news/security","className":"page_backLink__nYU82","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":18,"height":18,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-arrow-left","children":[["$","path","1l729n",{"d":"m12 19-7-7 7-7"}],["$","path","x3x0zl",{"d":"M19 12H5"}],"$undefined"]}],"Back to ","Security"]}],["$","header",null,{"className":"page_header__84iTT","children":[["$","h1",null,{"children":"Supply-chain attack hits dozens of popular open-source packages"}],["$","div",null,{"className":"page_meta__0HYAu","children":[["$","$Ld",null,{"href":"/tech-news/security","className":"page_category__n8zSO","children":"Security"}],["$","span",null,{"className":"page_metaItem__2hV08","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":16,"height":16,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-clock","children":[["$","circle","1mglay",{"cx":"12","cy":"12","r":"10"}],["$","polyline","68esgv",{"points":"12 6 12 12 16 14"}],"$undefined"]}],["$","time",null,{"dateTime":"2026-05-17","children":"May 17, 2026"}]]}],["$","span",null,{"className":"page_metaItem__2hV08","children":["By ","Muhammad Fareed"]}],"$undefined"]}],["$","div",null,{"className":"page_tags__tKYkE","children":[["$","span","security",{"className":"page_tag__8xeUz","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":14,"height":14,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-tag","children":[["$","path","vktsd0",{"d":"M12.586 2.586A2 2 0 0 0 11.172 2H4a2 2 0 0 0-2 2v7.172a2 2 0 0 0 .586 1.414l8.704 8.704a2.426 2.426 0 0 0 3.42 0l6.58-6.58a2.426 2.426 0 0 0 0-3.42z"}],["$","circle","kqv944",{"cx":"7.5","cy":"7.5","r":".5","fill":"currentColor"}],"$undefined"]}],"security"]}],["$","span","npm",{"className":"page_tag__8xeUz","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":14,"height":14,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-tag","children":[["$","path","vktsd0",{"d":"M12.586 2.586A2 2 0 0 0 11.172 2H4a2 2 0 0 0-2 2v7.172a2 2 0 0 0 .586 1.414l8.704 8.704a2.426 2.426 0 0 0 3.42 0l6.58-6.58a2.426 2.426 0 0 0 0-3.42z"}],["$","circle","kqv944",{"cx":"7.5","cy":"7.5","r":".5","fill":"currentColor"}],"$undefined"]}],"npm"]}],["$","span","supply-chain",{"className":"page_tag__8xeUz","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":14,"height":14,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-tag","children":[["$","path","vktsd0",{"d":"M12.586 2.586A2 2 0 0 0 11.172 2H4a2 2 0 0 0-2 2v7.172a2 2 0 0 0 .586 1.414l8.704 8.704a2.426 2.426 0 0 0 3.42 0l6.58-6.58a2.426 2.426 0 0 0 0-3.42z"}],["$","circle","kqv944",{"cx":"7.5","cy":"7.5","r":".5","fill":"currentColor"}],"$undefined"]}],"supply-chain"]}]]}]]}],["$","div",null,{"className":"page_content__PWjlJ","dangerouslySetInnerHTML":{"__html":"

Incident summary

Security researchers identified typosquatted packages with obfuscated install scripts targeting developer machines.

Mitigation steps

Pin dependency versions
Enable lockfile verification in CI
Rotate secrets if installs occurred after the compromise window

"}}]]}],["$","aside",null,{"className":"page_sidebar__csUw2","children":[false,["$","div",null,{"className":"page_sidebarSection__DqH6f","children":[["$","h3",null,{"children":"Tech News topics"}],["$","div",null,{"className":"page_categoriesList__B_ngj","children":[["$","$Ld",null,{"href":"/tech-news/ai","children":"AI"}],["$","$Ld",null,{"href":"/tech-news/startups","children":"Startups"}],["$","$Ld",null,{"href":"/tech-news/security","children":"Security"}],["$","$Ld",null,{"href":"/tech-news/apps","children":"Apps"}],["$","$Ld",null,{"href":"/tech-news/venture","children":"Venture"}]]}]]}]]}]]}]}]}]]