Npm Package Posthog-Js 1.297.3 Contains Malware
Postedabout 1 month agoActiveabout 1 month ago
Securitystory
heatednegative
NpmMalwarePosthogSecurity
Key topics
Npm
Malware
Posthog
Security
I know many of us use a really excellent PostHog service, but it seems their latest version of `posthog-js` NPM package contains malware.
Reported to their security channel, also reported to NPM, but also wanted to raise awareness here.
Discussion Activity
Moderate engagementFirst comment
10m
Peak period
7
0-12h
Avg / period
3
Key moments
- 01Story posted
Nov 24, 2025 at 3:49 AM EST
about 1 month ago
Step 01 - 02First comment
Nov 24, 2025 at 3:59 AM EST
10m after posting
Step 02 - 03Peak activity
7 comments in 0-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Nov 29, 2025 at 9:19 AM EST
about 1 month ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 46031776Type: storyLast synced: 11/24/2025, 8:50:08 AM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
Discussion hasn't started yet.