{"id":1946,"date":"2025-05-27T04:30:22","date_gmt":"2025-05-27T09:30:22","guid":{"rendered":"https:\/\/forwardtechnologies.com\/?p=1946"},"modified":"2025-05-27T08:50:16","modified_gmt":"2025-05-27T13:50:16","slug":"npm-malware-destructive-javascript-packages","status":"publish","type":"post","link":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/","title":{"rendered":"Destructive NPM Malware Sat Undetected for Two Years"},"content":{"rendered":"<p><img decoding=\"async\" class=\"alignleft size-medium wp-image-1947 lazyload\" data-src=\"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide-300x200.png\" alt=\"A terminal window with red warning text and broken JavaScript icons symbolizing malware in code packages\" width=\"300\" height=\"200\" data-srcset=\"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide-300x200.png 300w, https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide-1024x683.png 1024w, https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide-768x512.png 768w, https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide.png 1536w\" data-sizes=\"auto\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 300px; --smush-placeholder-aspect-ratio: 300\/200;\" data-original-sizes=\"(max-width: 300px) 100vw, 300px\" \/>Researchers have uncovered a batch of malicious packages in the NPM repo that quietly racked up over 6,000 downloads before anyone noticed. These weren\u2019t your typical cryptominers or info-stealers. They were designed to crash systems, wipe files, and corrupt data\u2014sometimes all at once.<\/p>\n<p>NPM is a massive public repository where developers share and download JavaScript packages. It\u2019s used by millions, which makes it a prime target for attacks like this.<!--more--><\/p>\n<p>The packages were disguised to look like common JavaScript tools used with frameworks like Vue, React, and Vite. Under the hood, they carried payloads that could take out local files, trash browser storage, or force a system shutdown. Some were subtle, corrupting things like auth tokens and app settings to create weird, hard-to-trace bugs. Others went straight for the jugular, deleting framework files and killing machines outright.<\/p>\n<p>All of this went live with zero fanfare. Some of the code was set to trigger on specific dates in 2023 and 2024, but at least one payload has no end date, meaning it\u2019s still active. Just installing the wrong package could be enough to blow a hole in your system.<\/p>\n<p>The person behind the uploads used an account that also posted clean, working packages\u2014nothing malicious\u2014just to build trust. That mix of good and bad code helped them stay under the radar. No replies came from the email tied to the account.<\/p>\n<p>The affected packages closely mimic real tools, which makes them easy to overlook. The known list includes:<\/p>\n<ul>\n<li>js-bomb<\/li>\n<li>js-hood<\/li>\n<li>vite-plugin-bomb<\/li>\n<li>vite-plugin-bomb-extend<\/li>\n<li>vite-plugin-react-extend<\/li>\n<li>vite-plugin-vue-extend<\/li>\n<li>vue-plugin-bomb<\/li>\n<li>quill-image-downloader<\/li>\n<\/ul>\n<p>If any of these made it into your project, check your systems. These weren\u2019t just slip-ups or experiments. They were built to break things, and they do.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers have uncovered a batch of malicious packages in the NPM repo that quietly racked up over 6,000 downloads before anyone noticed. These weren\u2019t your typical cryptominers or info-stealers. They were designed to crash systems, wipe files, and corrupt data\u2014sometimes all at once. NPM is a massive public repository where developers share and download JavaScript [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1947,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"full-width-content","footnotes":""},"categories":[38,37,134],"tags":[143,138,136,135,137,141,139,142,140],"class_list":{"0":"post-1946","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blog","8":"category-cybersecurity","9":"category-programming","10":"tag-cybersecurity","11":"tag-destructive-payload","12":"tag-javascript-security","13":"tag-npm-malware","14":"tag-open-source-threats","15":"tag-react","16":"tag-supply-chain-attack","17":"tag-vite","18":"tag-vue","19":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\r\n<title>Destructive NPM Malware Went Undetected for Two Years - Chicago IT Support &amp; Cyber Security | Forward Technologies<\/title>\r\n<meta name=\"description\" content=\"Researchers found NPM malware disguised as JavaScript tools. Over 6,000 downloads later, it crashed systems, deleted files, and corrupted data.\" \/>\r\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\r\n<link rel=\"canonical\" href=\"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/\" \/>\r\n<meta property=\"og:locale\" content=\"en_US\" \/>\r\n<meta property=\"og:type\" content=\"article\" \/>\r\n<meta property=\"og:title\" content=\"Destructive NPM Malware Went Undetected for Two Years - Chicago IT Support &amp; Cyber Security | Forward Technologies\" \/>\r\n<meta property=\"og:description\" content=\"Researchers found NPM malware disguised as JavaScript tools. Over 6,000 downloads later, it crashed systems, deleted files, and corrupted data.\" \/>\r\n<meta property=\"og:url\" content=\"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/\" \/>\r\n<meta property=\"og:site_name\" content=\"Chicago IT Support &amp; Cyber Security | Forward Technologies\" \/>\r\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ForwardTechnologies\" \/>\r\n<meta property=\"article:published_time\" content=\"2025-05-27T09:30:22+00:00\" \/>\r\n<meta property=\"article:modified_time\" content=\"2025-05-27T13:50:16+00:00\" \/>\r\n<meta property=\"og:image\" content=\"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide-1024x683.png\" \/>\r\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\r\n\t<meta property=\"og:image:height\" content=\"683\" \/>\r\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\r\n<meta name=\"author\" content=\"Edward Silha\" \/>\r\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\r\n<meta name=\"twitter:image\" content=\"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide.png\" \/>\r\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Edward Silha\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\r\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/\"},\"author\":{\"name\":\"Edward Silha\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#\\\/schema\\\/person\\\/feb8ae7ba8b41e1e93b9ef28f4733cff\"},\"headline\":\"Destructive NPM Malware Sat Undetected for Two Years\",\"datePublished\":\"2025-05-27T09:30:22+00:00\",\"dateModified\":\"2025-05-27T13:50:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/\"},\"wordCount\":293,\"publisher\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/FT-Blog-May-27-2025-Wide.png\",\"keywords\":[\"cybersecurity\",\"destructive payload\",\"JavaScript security\",\"NPM malware\",\"open source threats\",\"React\",\"supply chain attack\",\"Vite\",\"Vue\"],\"articleSection\":[\"Blog\",\"Cybersecurity\",\"Programming\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/\",\"url\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/\",\"name\":\"Destructive NPM Malware Went Undetected for Two Years - Chicago IT Support &amp; Cyber Security | Forward Technologies\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/FT-Blog-May-27-2025-Wide.png\",\"datePublished\":\"2025-05-27T09:30:22+00:00\",\"dateModified\":\"2025-05-27T13:50:16+00:00\",\"description\":\"Researchers found NPM malware disguised as JavaScript tools. Over 6,000 downloads later, it crashed systems, deleted files, and corrupted data.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/#primaryimage\",\"url\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/FT-Blog-May-27-2025-Wide.png\",\"contentUrl\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/FT-Blog-May-27-2025-Wide.png\",\"width\":1536,\"height\":1024,\"caption\":\"A terminal window with red warning text and broken JavaScript icons symbolizing malware in code packages\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/npm-malware-destructive-javascript-packages\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/forwardtechnologies.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Destructive NPM Malware Sat Undetected for Two Years\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#website\",\"url\":\"https:\\\/\\\/forwardtechnologies.com\\\/\",\"name\":\"Chicago IT Support &amp; Cyber Security | Forward Technologies\",\"description\":\"Chicago-based Forward Technologies delivers IT support and cyber security to businesses in the Chicago area and nationwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/forwardtechnologies.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#organization\",\"name\":\"Forward Technologies\",\"url\":\"https:\\\/\\\/forwardtechnologies.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2017\\\/01\\\/Forward-Technologies-Website-header-260x100-1.png\",\"contentUrl\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2017\\\/01\\\/Forward-Technologies-Website-header-260x100-1.png\",\"width\":260,\"height\":100,\"caption\":\"Forward Technologies\"},\"image\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/ForwardTechnologies\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#\\\/schema\\\/person\\\/feb8ae7ba8b41e1e93b9ef28f4733cff\",\"name\":\"Edward Silha\"}]}<\/script>\r\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Destructive NPM Malware Went Undetected for Two Years - Chicago IT Support &amp; Cyber Security | Forward Technologies","description":"Researchers found NPM malware disguised as JavaScript tools. Over 6,000 downloads later, it crashed systems, deleted files, and corrupted data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/","og_locale":"en_US","og_type":"article","og_title":"Destructive NPM Malware Went Undetected for Two Years - Chicago IT Support &amp; Cyber Security | Forward Technologies","og_description":"Researchers found NPM malware disguised as JavaScript tools. Over 6,000 downloads later, it crashed systems, deleted files, and corrupted data.","og_url":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/","og_site_name":"Chicago IT Support &amp; Cyber Security | Forward Technologies","article_publisher":"https:\/\/www.facebook.com\/ForwardTechnologies","article_published_time":"2025-05-27T09:30:22+00:00","article_modified_time":"2025-05-27T13:50:16+00:00","og_image":[{"width":1024,"height":683,"url":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide-1024x683.png","type":"image\/png"}],"author":"Edward Silha","twitter_card":"summary_large_image","twitter_image":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide.png","twitter_misc":{"Written by":"Edward Silha","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/#article","isPartOf":{"@id":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/"},"author":{"name":"Edward Silha","@id":"https:\/\/forwardtechnologies.com\/#\/schema\/person\/feb8ae7ba8b41e1e93b9ef28f4733cff"},"headline":"Destructive NPM Malware Sat Undetected for Two Years","datePublished":"2025-05-27T09:30:22+00:00","dateModified":"2025-05-27T13:50:16+00:00","mainEntityOfPage":{"@id":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/"},"wordCount":293,"publisher":{"@id":"https:\/\/forwardtechnologies.com\/#organization"},"image":{"@id":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/#primaryimage"},"thumbnailUrl":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide.png","keywords":["cybersecurity","destructive payload","JavaScript security","NPM malware","open source threats","React","supply chain attack","Vite","Vue"],"articleSection":["Blog","Cybersecurity","Programming"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/","url":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/","name":"Destructive NPM Malware Went Undetected for Two Years - Chicago IT Support &amp; Cyber Security | Forward Technologies","isPartOf":{"@id":"https:\/\/forwardtechnologies.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/#primaryimage"},"image":{"@id":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/#primaryimage"},"thumbnailUrl":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide.png","datePublished":"2025-05-27T09:30:22+00:00","dateModified":"2025-05-27T13:50:16+00:00","description":"Researchers found NPM malware disguised as JavaScript tools. Over 6,000 downloads later, it crashed systems, deleted files, and corrupted data.","breadcrumb":{"@id":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/#primaryimage","url":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide.png","contentUrl":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/05\/FT-Blog-May-27-2025-Wide.png","width":1536,"height":1024,"caption":"A terminal window with red warning text and broken JavaScript icons symbolizing malware in code packages"},{"@type":"BreadcrumbList","@id":"https:\/\/forwardtechnologies.com\/npm-malware-destructive-javascript-packages\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/forwardtechnologies.com\/"},{"@type":"ListItem","position":2,"name":"Destructive NPM Malware Sat Undetected for Two Years"}]},{"@type":"WebSite","@id":"https:\/\/forwardtechnologies.com\/#website","url":"https:\/\/forwardtechnologies.com\/","name":"Chicago IT Support &amp; Cyber Security | Forward Technologies","description":"Chicago-based Forward Technologies delivers IT support and cyber security to businesses in the Chicago area and nationwide.","publisher":{"@id":"https:\/\/forwardtechnologies.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/forwardtechnologies.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/forwardtechnologies.com\/#organization","name":"Forward Technologies","url":"https:\/\/forwardtechnologies.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/forwardtechnologies.com\/#\/schema\/logo\/image\/","url":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2017\/01\/Forward-Technologies-Website-header-260x100-1.png","contentUrl":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2017\/01\/Forward-Technologies-Website-header-260x100-1.png","width":260,"height":100,"caption":"Forward Technologies"},"image":{"@id":"https:\/\/forwardtechnologies.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ForwardTechnologies"]},{"@type":"Person","@id":"https:\/\/forwardtechnologies.com\/#\/schema\/person\/feb8ae7ba8b41e1e93b9ef28f4733cff","name":"Edward Silha"}]}},"_links":{"self":[{"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/posts\/1946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/comments?post=1946"}],"version-history":[{"count":0,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/posts\/1946\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/media\/1947"}],"wp:attachment":[{"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/media?parent=1946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/categories?post=1946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/tags?post=1946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}