javascript bundler (1)

Software supply chain management platform Sonatype’s latest research, shared with Hackread.com, reveals that on 20 December 2024, popular npm packages @rspack/core and @rspack/cli were compromised by attackers who accessed a compromised npm token. According to Sonatype’s blog post, these attackers then published malicious versions (1.1.7) of these packages.

Sonatype’s automated malware detection systems quickly caught these malicious versions and blocked them for users using Nexus Repository Firew