tl;dr "we believe the government is dumb but we've fear mongered them & everyone else enough that we have to take a temporary L"
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…
⚡️ We're looking for a DevRel person @vltpkg based in our Toronto 🇨🇦 HQ. You'll work closely w/ me & should love the idea of owning various aspects of product marketing. You'll be vlt's biggest fan & advocate; molding this unique role in a way that plays to your strengths & ours.
Love the work @motdotla is doing with @dotenvx & am excited by what he's doing with Armor ⛨ - Our @vltpkg team got excited when we first saw that first name change & appreciated Scott's willingness to adapt the name again to ensure there wasn't any confusion. Much love 🖤
Update: Renamed again to Armor ⛨. @darcy and the amazing team behind @vltpkg - many of the same guys instrumental with npm and github - kindly brought up a concern that naming it VLT could confuse the community. It was a good point and really glad they raised it with me. Armor ⛨ it is!
Darcy Clarke retweeted
Update: Renamed again to Armor ⛨. @darcy and the amazing team behind @vltpkg - many of the same guys instrumental with npm and github - kindly brought up a concern that naming it VLT could confuse the community. It was a good point and really glad they raised it with me. Armor ⛨ it is!
Renamed Dotenvx Ops ⛨ to Dotenvx VLT ⛨. Getting so close to the core vision being 'there'. Thank you to all early users kicking the tires (around 600 a month). It is about to get really solid. That solid feel dotenvx has. With security products it is really easy to get into adding tons of features - because that is what your users ask for. I've been trying to actively avoid that and reach this vision I have. I hope it resonates. It doesn't quite resonate with me personally yet so there is still work to do. But it is close.
Not the best way to end Toronto Tech Week that's for sure. I think the boots on the ground have known this for awhile so waiting for technicalities is pretty sad. The bright side is, hard times can create strong people/companies - if they survive.
Canada has now posted three quarterly GDP declines in the past year. Now technically in recession
Notably, I hope this doesn't give the province/feds cover for more real estate bailouts. Government programs, spending & thinking they can employ every Canadian is the problem here.
Darcy Clarke retweeted
May 25
Everyone needs a metal tee. Varlock long sleeve goes HARD
Darcy Clarke retweeted
May 20
Today is a big day for @SocketSecurity. We just raised a $60M Series C at a $1B valuation, led by @ThriveCapital with participation from @a16z, @AbstractVC, and @CapitalOne Ventures. Total funding is now $125M. Four years ago, we started Socket because open source dependencies were flowing into production faster than anyone could vet them. AI has massively accelerated that. Code is being written, shipped, and deployed before any human reads it. Security has to operate at that same speed. One data point from Thrive's diligence that I keep coming back to: they first discovered Socket because @cursor_ai, @OpenAI, and @AnthropicAI all independently told them it was the most important security tool they'd adopted for AI-driven development. Three of the most sophisticated AI companies converging on the same vendor unprompted. Since our Series B, Socket has grown to more than 20,000 organizations, protecting over 1.5 million repositories and blocking more than 1,000 supply chain attacks every week. The team is now over 100 people. Three out of five FAANG companies are Socket customers. So are the companies building the most ambitious AI products: @AnthropicAI, @cursor_ai, @xai, @figma, @vercel, @Replit, @scale_AI, @GustoHQ, @Mercadolibre, and @cribl_io, alongside Fortune 100s in financial services and global media. What we've shipped since the last round:
• Socket Firewall blocks malicious packages at install time, before they reach a developer's laptop or CI pipeline. Free for everyone.
• Reachability analysis via our acquisition of Coana, eliminating 50-80% of irrelevant vulnerability alerts by focusing only on CVEs that are actually exploitable.
• Socket Certified Patches for remediating exploitable CVEs in seconds without waiting on upstream maintainers.
• Coverage extending to browser extensions, editor extensions, MCP servers, and AI tools via our acquisition of @secureannex.
When the Axios compromise hit, our detection systems flagged the malicious dependency within six minutes. Within 24 hours, more than 2,000 organizations onboarded to Socket to block it. Where the funding goes: deeper investment in Firewall, massively expanding Certified Patches, moving protection closer to every point of install across the developer toolchain, and new product launches pushing Socket into a category we haven't entered before. We're hiring across engineering, sales, customer success, and threat intel. ❤️ Thank you to our customers, investors, and the open-source community for your support. Together, we’re making software safer for everyone.
Just reminded of this thread... and all of the reasons I quit GitHub...
27 Jan 2024
Great article: blog.glyph.im/2024/01/unsign… Notably, this is in part why I quit GitHub. npm package "provenance" was being shoved down our throats by package security "experts" without any meaningful reasons for how it made the ecosystem more secure (but here we are).
Darcy Clarke retweeted
May 14
🚨 node-ipc is compromised again. Three new malicious versions just dropped: 9.1.6, 9.2.3, and 12.0.1. Socket’s AI scanner flagged them as malware within three minutes of publication. The attack vector: a dormant maintainer account (atiertant) was likely taken over via an expired email domain. The attacker registered the lapsed domain, triggered an npm password reset, and gained publish rights to a package with millions of historical downloads. The payload is a credential stealer embedded in the CommonJS entrypoint (node-ipc.cjs). It activates on require("node-ipc"), not through a postinstall script. Here’s what it does:
• Fingerprints the host (OS, arch, hostname, uname)
• Harvests 113-127 credential file patterns depending on platform (AWS, GCP, Azure, SSH keys, Kubernetes configs, npm tokens, .env files, shell histories, macOS Keychain databases, and more)
• Dumps the entire process.env, capturing every CI secret and cloud credential in memory
• Builds a gzip archive in a temp directory
• Exfiltrates everything over DNS TXT queries to bt[.]node[.]js, using a bootstrap resolver at sh[.]azurestaticprovider[.]net:443 (a deliberate lookalike of Microsoft’s Azure Static Web Apps domain)
The DNS exfiltration is chunked. A 500 KB archive generates roughly 29,400 TXT queries. The body is XOR-encrypted with a SHA-256 keystream, base64-encoded, alphabet-substituted, and split into 31-character chunks before hex-encoding into DNS labels. Header, data, and footer queries use xh, xd, and xf prefixes respectively. The malware forks a detached child process (env var __ntw=1) so credential theft runs silently in the background. It also exposes a __ntRun export, meaning any downstream code that calls require("node-ipc").__ntRun() can trigger a second collection/exfiltration cycle. ESM-only consumers using the import path are not affected by the reviewed package metadata. CommonJS consumers are. This is the same package involved in the 2022 protestware incident. It has a history.
If you use node-ipc:
• Do not install 9.1.6, 9.2.3, or 12.0.1
• Audit your lockfiles for these versions
• If you loaded the CommonJS entrypoint, treat all environment variables, SSH keys, cloud credentials, npm tokens, and local secrets as compromised. Rotate immediately.
• Hunt for DNS TXT queries to bt[.]node[.]js and sh[.]azurestaticprovider[.]net in your network logs
• Check for temp files matching <tmp>/nt-<pid>/<machineHex>.tar.gz
Credit to Ian Ahl (@TekDefense) for first publicly identifying the expired-domain account takeover vector. Developing story. Full technical breakdown and IOCs on the Socket blog: socket.dev/blog/node-ipc-pac…
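One way to do the DNS hunt the post asks for, as an added example that is not Socket's code: it scans a query log for TXT lookups into the two exfiltration zones named above and counts, per client, how many carry the hex-only labels the post describes. The log line format (`<timestamp> <client-ip> <qtype> <qname>`) and the sample lines are constructed for the example.

```javascript
// Added example (not from the Socket post): hunt a DNS query log for TXT lookups
// into the two exfiltration zones named in the node-ipc advisory. The log format
// is a constructed one: "<timestamp> <client-ip> <qtype> <qname>", one query per line.
const EXFIL_ZONES = ["bt.node.js", "sh.azurestaticprovider.net"]; // advisory IoCs, refanged

function parseQueryLog(line) {
  const m = line.trim().match(/^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/);
  if (!m) return null; // malformed line: skip rather than abort the hunt
  // Lower-case the name and strip a trailing root dot so suffix matching is stable.
  return { ts: m[1], client: m[2], qtype: m[3].toUpperCase(), qname: m[4].toLowerCase().replace(/\.$/, "") };
}

// Match on label boundaries so a lookalike such as "notbt.node.js" does not count.
function matchZone(qname) {
  return EXFIL_ZONES.find((z) => qname === z || qname.endsWith("." + z)) || null;
}

// The advisory says payload chunks are hex-encoded into DNS labels; counting
// hex-only labels separates a sustained chunked upload from a stray lookup.
function looksHexEncoded(qname, zone) {
  const labels = qname.slice(0, qname.length - zone.length - 1).split(".");
  return labels.length > 0 && labels.every((l) => /^[0-9a-f]+$/.test(l));
}

// Returns { clientIp: { zone: { queries, hexLabelled } } } for TXT queries into the zones.
function huntDnsLog(lines) {
  const hits = {};
  for (const line of lines) {
    const q = parseQueryLog(line);
    if (!q || q.qtype !== "TXT") continue;
    const zone = matchZone(q.qname);
    if (!zone) continue;
    const perClient = (hits[q.client] = hits[q.client] || {});
    const stat = (perClient[zone] = perClient[zone] || { queries: 0, hexLabelled: 0 });
    stat.queries += 1;
    if (q.qname !== zone && looksHexEncoded(q.qname, zone)) stat.hexLabelled += 1;
  }
  return hits;
}

// Constructed sample: two chunk-looking lookups from one host, one from another,
// plus benign TXT traffic and a lookalike name that must not match.
const SAMPLE_LOG = [
  "2025-05-14T10:02:11Z 10.0.0.5 TXT 7868613031.bt.node.js",
  "2025-05-14T10:02:11Z 10.0.0.5 TXT 7864616263.bt.node.js",
  "2025-05-14T10:02:12Z 10.0.0.5 A registry.npmjs.org",
  "2025-05-14T10:02:12Z 10.0.0.7 TXT _dmarc.example.com",
  "2025-05-14T10:02:13Z 10.0.0.9 TXT 786600.sh.azurestaticprovider.net.",
  "2025-05-14T10:02:14Z 10.0.0.7 TXT notbt.node.js",
];
```

Feed it real resolver logs by mapping each vendor's line format into the four fields; any client with a non-zero `hexLabelled` count warrants the credential rotation the post prescribes.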
Darcy Clarke retweeted
Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral. 373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more. The malware propagates by stealing your CI credentials and using them to publish new compromised versions. Full IOCs, affected package list, and detection steps: aikido.dev/blog/mini-shai-hu…
🚨 Update: @mistralai npm packages are now confirmed compromised as part of the ongoing Mini Shai Hulud attack. Affected versions:
@mistralai/mistralai 2.2.2, 2.2.3, 2.2.4
@mistralai/mistralai-azure 1.7.1, 1.7.2, 1.7.3
@mistralai/mistralai-gcp 1.7.1, 1.7.2, 1.7.3
If you use the Mistral SDK in any CI pipeline, treat your environment as compromised. Rotate npm tokens, GitHub PATs, and cloud credentials immediately.
Darcy Clarke retweeted
May 11
The attack has expanded……
Update: Socket has found 121 more compromised npm package artifacts across 84 package names, including 64 UiPath artifacts. Combined w/ TanStack, the current known total is 205 affected npm package artifacts across enterprise automation, AI/MCP, auth, workflow, and dev tooling.
Darcy Clarke retweeted
We’ve released Next.js versions 16.2.6 and 15.5.18 with important security fixes. These fixes address multiple vulnerabilities across high, moderate, and low severity, including one upstream React issue. We strongly recommend upgrading as soon as possible. ⬇️
Darcy Clarke retweeted
May 5
pnpm v11.0.6 is out! To update, run: pnpm self-update latest-11
Darcy Clarke retweeted
TL;DR:
- Maintainer controls the unscoped tanstack npm package
- README presents it as “TanStack Player”
- Package is not affiliated with TanStack
- Maintainer demands $10k from TanStack creator
- TanStack files legal docs related to a pending trademark infringement claim
- No response from npm on the brand-squatting
- Package later ships malware that steals .env files
This is another form of abuse OSS maintainers are forced to deal with: brand impersonation, extortion attempts, and platform inaction until users are finally exposed to malware.
🚨 A brand-squatting npm package impersonating TanStack shipped malicious versions that exfiltrate environment variables from developers’ machines during install. We spoke to @tannerlinsley, creator of @tan_stack, who confirmed that the maintainer of the unscoped tanstack package is not associated with TanStack or the official @tanstack/* projects in any way. The package is unrelated to the project's official CLI, and represents an ongoing brandjacking issue. He also said TanStack has filed legal documents related to a pending trademark infringement claim against the maintainer, that the maintainer previously demanded $10,000 from him, and that TanStack has repeatedly tried, unsuccessfully, to get @npmjs to address the situation.
While others race away from Open Source, @vltpkg is doubling down. 🖤⚡ Today we’re announcing our renewed commitment to @ThePledge and investing back into the ecosystem. vlt.io/blog/doubling-down-on…
Darcy Clarke retweeted
Apr 29
🚨 Active supply chain attack hitting SAP’s CAP ecosystem on npm. Four packages tied to SAP’s Cloud Application Programming Model just shipped versions with a new preinstall script that downloads and executes a platform-specific binary. These packages never required this before today. Affected versions:
• mbt@1.2.48
• @cap-js/db-service@2.10.1
• @cap-js/postgres@2.2.2
• @cap-js/sqlite@2.2.2
Combined, these packages see 570K weekly downloads. @cap-js/db-service and @cap-js/sqlite alone account for ~510K of that. If you’re building on SAP BTP or using MTA deployment pipelines, check your lockfiles now. The compromised versions added a preinstall script that acts as a bootstrapper: it downloads a Bun ZIP from GitHub Releases, extracts it, and immediately executes the binary. It follows HTTP redirects without validating the destination. On Windows, it invokes PowerShell with -ExecutionPolicy Bypass. All four versions were published within a ~2.5 hour window this morning (April 29, UTC). At least one version (@cap-js/sqlite@2.2.2) has already been unpublished. Socket flagged the malicious behavior and is continuing to investigate. If you’re affected:
• Do not install the affected versions
• Pin to previous known-good versions
• Rotate any credentials or tokens exposed in build/dev environments
• Review CI/CD logs for unexpected network calls or binary execution
Developing story…
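The lockfile check that this post, the node-ipc post and the Mistral update all ask for, as an added example that is not Socket's or Aikido's code: it walks a package-lock.json (v1 tree or v2/v3 map) against the exact name@version pairs quoted in those posts, and separately reports an install-time hook that appears between two versions of a manifest, which is what made the CAP releases stand out. The sample lockfile and manifests are constructed; the `KNOWN_BAD` table contains only versions named on this page.

```javascript
// Added example (not from the Socket or Aikido posts): audit a package-lock.json against
// the malicious name@version pairs quoted above, and flag newly added install hooks.
const KNOWN_BAD = {
  "node-ipc": ["9.1.6", "9.2.3", "12.0.1"],
  "mbt": ["1.2.48"],
  "@cap-js/db-service": ["2.10.1"],
  "@cap-js/postgres": ["2.2.2"],
  "@cap-js/sqlite": ["2.2.2"],
  "@mistralai/mistralai": ["2.2.2", "2.2.3", "2.2.4"],
  "@mistralai/mistralai-azure": ["1.7.1", "1.7.2", "1.7.3"],
  "@mistralai/mistralai-gcp": ["1.7.1", "1.7.2", "1.7.3"],
};
// v2/v3 keys are "node_modules/@scope/name", possibly nested; the last segment is the name.
function nameFromLockKey(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? null : key.slice(i + "node_modules/".length);
}
// Returns [{ where, name, version }] for every locked package listed in KNOWN_BAD.
// Handles lockfileVersion 1 ("dependencies" tree) and 2/3 ("packages" map).
function auditLockfile(lock) {
  const hits = [];
  const check = (where, name, version) => {
    if (name && (KNOWN_BAD[name] || []).includes(version)) hits.push({ where, name, version });
  };
  for (const [key, pkg] of Object.entries(lock.packages || {})) {
    if (key !== "") check(key, pkg.name || nameFromLockKey(key), pkg.version);
  }
  const walk = (deps, prefix) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      check(prefix + name, name, dep.version);
      walk(dep.dependencies, prefix + name + " > "); // v1 nests transitive deps
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}
// The SAP CAP releases stood out because a preinstall hook appeared where none existed
// before: list install-time scripts present in `next` but absent from `prev`.
function newInstallHooks(prev, next) {
  const before = prev.scripts || {}, after = next.scripts || {};
  return ["preinstall", "install", "postinstall"].filter((h) => after[h] && !before[h]).map((h) => ({ hook: h, command: after[h] }));
}
// Constructed sample v3 lockfile mixing clean and flagged entries.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo", version: "1.0.0" },
  "node_modules/@cap-js/sqlite": { version: "2.2.2" },
  "node_modules/node-ipc": { version: "9.1.5" },
  "node_modules/foo/node_modules/@mistralai/mistralai": { version: "2.2.3" },
} };
```

Run `auditLockfile(JSON.parse(fs.readFileSync("package-lock.json", "utf8")))` in a repo to get the list; `newInstallHooks` takes the two `package.json` objects of a previous and a newly published version of the same package.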