This page summarizes the Node-gyp Supply Chain Compromise affecting multiple npm packages in the npm ecosystem.
The incident involved compromised npm packages published with malicious install-time behavior using binding.gyp / node-gyp. Unlike more common npm supply chain attacks that rely on preinstall or postinstall scripts, this activity uses binding.gyp to trigger code execution during npm install.
The compromised packages reportedly included mechanisms for credential harvesting, GitHub Actions workflow injection, credential exfiltration, and further supply chain propagation through malicious package publishing activity.
You can use this page to identify affected package versions and review recommended remediation actions.
For additional background and technical details, please refer to the Snyk Blog post
Packages affected by zero-day vulnerabilities
Showing 30 of 57 • Page 1 of 2
- C
Embedded Malicious Code in ai-sdk-ollama (npm)- C
- C
Embedded Malicious Code in autotel-audit (npm)- C
Embedded Malicious Code in autotel-backends (npm)- C
Embedded Malicious Code in autotel-drizzle (npm)- C
- C
- C
- C
Embedded Malicious Code in autotel (npm)- C
Embedded Malicious Code in autotel-adapters (npm)- C
Embedded Malicious Code in autotel-aws (npm)- C
Embedded Malicious Code in autotel-cli (npm)- C
- C
Embedded Malicious Code in autotel-devtools (npm)- C
Embedded Malicious Code in autotel-edge (npm)- C
- C
Embedded Malicious Code in autotel-hono (npm)- C
Embedded Malicious Code in autotel-mcp (npm)- C
- C
Embedded Malicious Code in autotel-mongoose (npm)- C
Embedded Malicious Code in autotel-pact (npm)- C
- C
Embedded Malicious Code in autotel-plugins (npm)- C
Embedded Malicious Code in autotel-sentry (npm)- C
- C
Embedded Malicious Code in autotel-tanstack (npm)- C
Embedded Malicious Code in autotel-terminal (npm)- C
Embedded Malicious Code in autotel-vitest (npm)- C
Embedded Malicious Code in autotel-web (npm)- C
Embedded Malicious Code in awaitly (npm)