

npm under siege (what to do about it) (Friends)
33 snips Oct 3, 2025
Feross Aboukhadijeh, a security engineer and founder of Socket Security, dives into the alarming rise of npm supply chain attacks, detailing how phishing and account takeovers have escalated threats. He explains the innovative techniques behind recent compromises and the unexpected consequences for attackers seeking monetary gain. Feross introduces Socket Firewall, a promising solution to detect and block malware during package installations. Listeners gain practical steps for reducing supply-chain risk and insights into the future of npm security.
AI Snips
Supply-Chain Attacks Escalated Rapidly
- Recent months saw one of the largest npm supply-chain attack waves with phishing, account takeovers, and malware in popular packages.
- Attackers published malware to packages that get billions of weekly downloads, proving massive reach.
Phishing Became A Viral Attack Vector
- A simple, repeatable phishing lure to maintainers became a meme among attackers and spurred many copycats.
- Multiple groups reused techniques and iterated quickly, expanding the attack variety and scale.
Nx Compromise Used LLMs To Scout Files
- The Nx compromise used novel payload techniques like abusing LLM CLI tools to scan local files with an English prompt.
- The attackers crafted prompts to enumerate and inventory sensitive files before exfiltration.