{"id":237234,"date":"2026-05-15T22:18:43","date_gmt":"2026-05-16T03:18:43","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/05\/popular-node-ipc-npm-package-compromised-to-steal-credentials"},"modified":"2026-05-15T22:18:43","modified_gmt":"2026-05-16T03:18:43","slug":"popular-node-ipc-npm-package-compromised-to-steal-credentials","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/05\/popular-node-ipc-npm-package-compromised-to-steal-credentials","title":{"rendered":"Popular node-ipc npm package compromised to steal credentials"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/popular-node-ipc-npm-package-compromised-to-steal-credentials.jpg\"><\/a><\/p>\n<p>Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm.<\/p>\n<p>The node-ipc package is a Node.js module that enables various processes to communicate through all forms of sockets, including Unix, Windows, UDP, TLS, and TCP.<\/p>\n<p>Despite the maintainer publishing in March 2022 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war\/\" rel=\"nofollow noopener\">weaponized versions<\/a> that targeted Russia and Belarus-based systems with a data-overwriting module, in protest to the Russian invasion of Ukraine, the package still has more than <a href=\"http:\/\/www.npmjs.com\/package\/node-ipc\" rel=\"nofollow noopener\">690,000 weekly downloads<\/a> on npm.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc package is a Node.js module that enables various processes to communicate through all forms of sockets, including Unix, Windows, UDP, TLS, and TCP. Despite the maintainer publishing in March [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-237234","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/237234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=237234"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/237234\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=237234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=237234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=237234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}