PodRocket - A web development podcast from LogRocket

Unpacking the NPM supply chain attacks with Feross Aboukhadijeh

Sep 23, 2025
Feross Aboukhadijeh, the founder and CEO of Socket, dives into the alarming rise of NPM supply chain attacks targeting the JavaScript community. He discusses how attackers employed phishing tactics to compromise popular packages like Prettier and 'is,' explaining the vulnerabilities that allowed for these breaches. Feross also highlights risky postinstall scripts and provides practical mitigation strategies to protect against future threats, emphasizing the importance of vigilant practices in the ever-evolving landscape of software security.
ANECDOTE

Phishing Led To Prettier Compromise

  • Feross's team encountered a phishing email spoofing npm that led to Prettier-related packages being backdoored.
  • Installing those compromised packages delivered a Windows DLL that stole browser cookies and tokens.
ANECDOTE

'is' Package Gave Attackers Remote Shells

  • A compromised 'is' package ran cross-platform JavaScript malware that opened a WebSocket to a command server.
  • The attacker could send back code which the malware executed immediately, giving an interactive remote shell on the victim's machine.
ANECDOTE

NX Used AI Tools To Hunt Secrets

  • The NX compromise (Aug 27) stole GitHub and NPM tokens, SSH keys, and environment secrets from developer machines.
  • The malware even used local AI CLIs like Claude and Gemini to scan files via natural-language prompts and write results to /tmp/inventory.txt.