softwarebay.de
New Malware Discovered in npm Packages

Cybersecurity researchers have discovered four new npm packages that contain info-stealing malware. These packages have been disseminated within the developer community and could potentially endanger a large number of users. One of the packages is a clone of the Shai-Hulud worm, which was originally open-sourced by TeamPCP. The affected packages are chalk-tempalte, @deadcode09284814/axios-util, axois-utils, and color-style-utils. The package chalk-tempalte has recorded up to 825 downloads, indicating significant distribution.

The other packages also have high download numbers, including axois-utils with 963 downloads and color-style-utils with 934 downloads. These figures highlight the risk posed by these packages, as they are widely used in the developer community. The malware in these packages is designed to steal sensitive information from users, including login credentials, API keys, and other confidential data that are of high interest to attackers. Researchers warn that using these packages in projects can lead to significant security risks.

The discovery of these malware packages comes at a time when the security of software development environments is drawing increasing attention. Attacks via package managers are not new; however, the current incidents demonstrate that threats are becoming more sophisticated. Developers should therefore exercise caution and regularly check their dependencies for vulnerabilities. Security research has gained importance in recent years, particularly concerning open-source software. The community is called upon to ensure that such threats are quickly identified and neutralized.

The release of security updates and patches is crucial to maintaining the integrity of software projects. The affected packages have already been removed from the npm registry to prevent further infections. Developers who have used these packages in their projects are strongly urged to check their systems for possible infections. Security researchers recommend using alternative, trusted packages to ensure the security of applications. The incidents underscore the need for training and awareness initiatives that make developers more alert to security risks.
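
One way to check a project for the four packages named above, including copies pulled in as transitive or aliased dependencies, is to scan its package-lock.json. The following is an added example, not code from the researchers or from npm; the sample lockfiles, the names demo-app, build-tool and style-alias, and all version numbers are constructed placeholders.

```javascript
// Added example. Package names are the four listed in the article.
const FLAGGED = new Set([
  "chalk-tempalte", "@deadcode09284814/axios-util", "axois-utils", "color-style-utils",
]);

// lockfileVersion 2/3: "packages" keys are install paths; the package name
// is whatever follows the last "node_modules/" (scoped names keep "@scope/").
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// lockfileVersion 1: "dependencies" is a tree keyed by package name.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = trail.concat(name);
    if (FLAGGED.has(name)) hits.push({ name, version: info.version || null, via: here.join(" > ") });
    walkV1(info.dependencies, here, hits);
  }
}

// Returns one record per flagged package found, including transitive installs.
function findFlaggedPackages(lockText) {
  const lock = JSON.parse(lockText);
  const hits = [];
  if (!lock.packages) { walkV1(lock.dependencies, [], hits); return hits; }
  for (const [path, info] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry
    const name = info.name || nameFromPath(path); // "name" is set for aliased installs
    if (name && FLAGGED.has(name)) hits.push({ name, version: info.version || null, via: path });
  }
  return hits;
}

// Constructed sample lockfiles (versions are placeholders, not real releases).
const SAMPLE_V3 = JSON.stringify({ lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/chalk": { version: "5.3.0" },
  "node_modules/build-tool/node_modules/axois-utils": { version: "0.0.0" },
  "node_modules/@deadcode09284814/axios-util": { version: "0.0.0" },
  "node_modules/style-alias": { name: "color-style-utils", version: "0.0.0" },
}});
const SAMPLE_V1 = JSON.stringify({ lockfileVersion: 1, dependencies: {
  "build-tool": { version: "2.0.0", dependencies: { "chalk-tempalte": { version: "0.0.0" } } },
}});

console.log(findFlaggedPackages(SAMPLE_V3));
console.log(findFlaggedPackages(SAMPLE_V1));
```

To scan a real project, pass the text of its package-lock.json to findFlaggedPackages; an empty result only means the lockfile does not reference these four names.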

Implementing best practices in software development can help reduce the likelihood of malware infections. This includes regularly reviewing dependencies and utilizing security tools. The discovery of these malware packages is another indication of the challenges facing the software development industry. The threat of malware in package managers is expected to continue increasing, highlighting the need for proactive security measures. According to a recent study, over 30% of developers have already encountered security issues in their projects.

The vulnerability exploited by these packages could potentially affect thousands of developers who rely on npm. Researchers advise implementing security policies and conducting regular audits to minimize risks. Effective management of software dependencies is crucial to protecting the integrity of applications. The incidents have also drawn the attention of security authorities, who are closely monitoring the situation. Collaboration between developers and security researchers is seen as key to combating such threats.

A joint approach could help sustainably improve security in software development. Security research will continue to play a central role in identifying and combating new threats. The community is called upon to ensure that software development remains not only innovative but also secure. Researchers emphasize that raising awareness of security risks and implementing security measures are essential to preventing future incidents. The vulnerability was discovered on May 20, 2026, and has already led to increased attention to the security of npm packages.

Tags: Cybersecurity Malware npm Software Security Shai-Hulud
