Malicious node-ipc npm versions expose developer secrets in supply chain attack

Three newly published versions of the popular node-ipc npm package were compromised with credential-stealing malware, creating risk for developers, CI/CD systems, and cloud environments that installed them. The affected versions are node-ipc 9.1.6, 9.2.3, and 12.0.1. Security researchers at Socket, StepSecurity, Snyk, and SafeDep identified the versions as malicious after they appeared on npm on […] The post Malicious node-ipc npm versions expose developer secrets in supply chain attack appeared first on VPN Central.