Newly published NPM versions contain malware

[pollyzoid]

Recently published versions 20.0.4, 20.0.5, 20.0.6, 19.0.3 and 18.1.4 contain a post-install script bundle.js that seems to pull various tokens (GitHub, NPM, AWS, GCP) and attempts to exfiltrate cloud account secrets plus whatever trufflehog finds. 20.0.3 was also published with bundle.js but is missing package.json postinstall declaration.

These don't have matching tags on the repo, so publishing tokens have apparently leaked.

ng2-file-upload also looks affected.

edit: Affected versions are now gone from NPM.

[patlkli]

I noticed the same this morning and reported it to NPM support and @valorkin by email.

My inital email went out at 08:49Z, @valorkin acknowledged it at 10:51Z, confirmed he has unpublished the affected versions and rotated the affected tokens at 12:29Z.
NPM sent an update on my reports at 13:38Z that they have taken action as well and purged the affected versions.

@valorkin Thanks again for the quick reaction. BTW issues on ng2-file-upload are still disabled, it seems.

[sherlock1982]

This says all versions. GHSA-6m4g-vm7c-f8w6. Will it be updated eventually?

[basvandorst]

First of all, great that all affected versions are removed!

This says all versions. GHSA-6m4g-vm7c-f8w6. Will it be updated eventually?

@patlkli @valorkin ^ could we indeed ask the NPM team to pin the advisory to the affected versions instead of the affected>= 0, to avoid unnecessary heart attacks while reading the description of the vulnerability.

[patlkli]

@sherlock1982 @basvandorst @valorkin I've sent them an issue over at github/advisory-database#6140, so hopefully they will correct it soon.

[Tezra]

Since you are using GitHub hosted actions to publish, I would also recommend updating your npm + publish workflow for Trusted Publishing (Note: The For Github Actions and provenance sections). This would prevent this from happening again since then packages can only be published by this repo's publishing action or with 2FA. (No tokens or secrets to steal)

You can also add the --provenance flag to the publish command so that the NPM registry has a signed cert from GitHub attesting to when/where/how the package was published. And then on the NPM side you can configure the package settings so that only 2FA or the specified repo + action can publish package updates (disable publishing with tokens completely).

[AdnaneKhan]

According to https://play.clickhouse.com/play?user=play#c2VsZWN0ICogZnJvbSBnaXRodWJfZXZlbnRzIHdoZXJlIGV2ZW50X3R5cGUgPSAnQ3JlYXRlRXZlbnQnIGFuZCByZWZfdHlwZSA9ICdyZXBvc2l0b3J5JyBhbmQgcmVwb19uYW1lIGxpa2UgJyVzMW5ndWxhcml0eS1yZXBvc2l0b3J5JScgYW5kIGNyZWF0ZWRfYXQgPiAgJzIwMjUtMDgtMjYgMDA6MDA6MDAnIG9yZGVyIGJ5IGNyZWF0ZWRfYXQgQVNDCg== @valorkin was a victim of the Nx / S1ngularity attack. Could this be fallout from that?

[Surajkale1522]

Yesterday while trying to install ngx-bootstrap, I ran into a strange issue during npm install. I also stored the full error logs file.

[Madebyspeedster]

@pollyzoid can u share/point bundle.js where is this file?

[mukaschultze]

@pollyzoid can u share/point bundle.js where is this file?

Malicious packages that contained it have been removed from NPM. bundle.js file was in the root of the tar.gz package.

[tszewcow]

According to https://play.clickhouse.com/play?user=play#c2VsZWN0ICogZnJvbSBnaXRodWJfZXZlbnRzIHdoZXJlIGV2ZW50X3R5cGUgPSAnQ3JlYXRlRXZlbnQnIGFuZCByZWZfdHlwZSA9ICdyZXBvc2l0b3J5JyBhbmQgcmVwb19uYW1lIGxpa2UgJyVzMW5ndWxhcml0eS1yZXBvc2l0b3J5JScgYW5kIGNyZWF0ZWRfYXQgPiAgJzIwMjUtMDgtMjYgMDA6MDA6MDAnIG9yZGVyIGJ5IGNyZWF0ZWRfYXQgQVNDCg== @valorkin was a victim of the Nx / S1ngularity attack. Could this be fallout from that?

I would assume that it was exactly the case.
More info about the attack: https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again

[jusvit]

So are you going to bump your package version or what?

[jpeer]

what's the deal with versions 20.0.2 to 20.0.6 ? they're still flagged as compromised all over the internet

e.g.
https://osv.dev/vulnerability/MAL-2025-47197

are these false positives and the team replaced them already?

[ADNewsom09]

No, they look to have been pulled everywhere. The latest valid package is 20.0.2.

20.0.3 - 20.0.6 (among others) are the malicious ones.

ngx-bootstrap has not pushed another release since 20.0.2.
I'd assume when they do it will be 20.0.7 or above.