More than 1,300 malicious npm packages have been discovered for use in supply chain attacks, cryptojacking, data theft and more
WhiteSource tracked an average of 32,000 new npm packages published every month during 2021. That level of activity enabled threat actors to launch a number of attacks, including:
“With an average of over 17,000 new npm package versions being published daily in 2021, there’s no question that package update activity needs to be closely monitored,” said Rami Sass, Co-Founder and CEO of WhiteSource. “Unfortunately, that popularity is being used by threat actors to spread malware and launch attacks that harm businesses and individuals. Our newest threat report is designed to educate readers about npm and how threat actors are using it, in order to better protect developers, companies, and users against malicious behavior.”
In addition to outlining what npm is and how it’s being used by threat actors, the report identifies five must-know facts about npm package security, as well as best practices to thwart npm attacks.
To see if you have supply chain risks hidden in your organization, download WhiteSource Diffend here.
To learn more about the report’s findings and download the full report, visit this link.