{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihkwd3up46ve33q5kq7zvbvu7e44sp5rgvowajmxqilpgr2yvnusi",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mkwvyihtbqw2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifen62a6h2b22p4qwhfactpm2akkye7bfw7gwl6fb4g66jz6ifayu"
    },
    "mimeType": "image/jpeg",
    "size": 248110
  },
  "path": "/sap-npm-packages-compromised-in-supply-chain-attack-targeting-developer-secrets/",
  "publishedAt": "2026-05-02T16:24:56.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "SAP npm Packages Compromised in Supply Chain Attack Targeting Developer Secrets",
    "VPN Central",
    "@cap-js"
  ],
  "textContent": "Several SAP-related npm packages were compromised in a supply chain attack designed to steal developer credentials, cloud secrets, and CI/CD tokens. The malicious versions affected packages used in SAP Cloud Application Programming Model and Cloud MTA build workflows. Researchers identified four affected versions: @cap-js/sqlite 2.2.2, @cap-js/postgres 2.2.2, @cap-js/db-service 2.10.1, and mbt 1.2.48. Developers and security […]\n\nThe post SAP npm Packages Compromised in Supply Chain Attack Targeting Developer Secrets appeared first on VPN Central.",
  "title": "SAP npm Packages Compromised in Supply Chain Attack Targeting Developer Secrets"
}