VYPR
breachPublished May 14, 2026· Updated May 18, 2026· 2 sources

Popular node-ipc npm package compromised to steal credentials

Malicious versions of the widely used node-ipc npm package have been discovered containing obfuscated code designed to steal cloud credentials, SSH keys, and CI/CD secrets from developer machines.

The article about three additional malicious versions of node-ipc (9.1.6, 9.2.3, 12.0.1) containing obfuscated stealer/backdoor behavior is being appended to the existing story about the node-ipc compromise.

Synthesized by Vypr AI
Popular node-ipc npm package compromised to steal credentials · VYPR