[x3d-public] NPM has malware?

John Carlson yottzumm at gmail.com
Thu Jul 22 03:08:35 PDT 2021

Apparently, there's some kind of malware in the NPM (node.js package 
manager) repository?  Some AI reported a lot of malware. I don't see 
much in depth analysis.  Some of the malware appears to steal your 
browser passwords? I see "HackTool:Win32/ChromePass"

If you want more "detail," I'll send what I have.  My info comes from 
subscribing to a website. Please let me know what you hear from other 
sources, since I want to confirm this before I move away from npm packages.

I would at a minimum, run your antivirus against your node_modules folders.

I feel that it's important for people to know who have downloaded my 

My guess is they'll mark the packages as having malware, and people who 
ran the malware will need to update their passwords.


More information about the x3d-public mailing list