Crims Poison 150k+ Npm Packages with Token-Farming Malware
Posted about 2 months ago, active about 2 months ago
Source: theregister.com (Tech, story)
Key topics
Supply Chain Attack
Malware
Npm Packages
A self-replicating supply chain attack has poisoned over 150,000 NPM packages with token-farming malware, raising concerns about the security of the NPM ecosystem.
Snapshot generated from the HN discussion
Key moments
- Story posted: Nov 15, 2025 at 1:28 AM EST
- First comment: Nov 15, 2025 at 2:54 AM EST (1h after posting)
- Peak activity: 1 comment in 1-2h
- Latest activity: Nov 15, 2025 at 2:54 AM EST
ID: 45935486, Type: story, Last synced: 11/17/2025, 4:09:55 AM
Analyzing a NPM Spam Campaign: The Great Indonesian Tea Theft https://www.endorlabs.com/learn/the-great-indonesian-tea-the...
(https://news.ycombinator.com/item?id=45919514)