Official SAP NPM packages compromised to steal credentials
Brajeshwar
30 points
2 comments
April 30, 2026
Discussion Highlights (1 comment)
wlkr
This might just be the frequency illusion at play, but there seem to have been a number of high-profile supply chain attacks of late in major packages. There are several articles on the first few pages of HN right now with different cases. Looking back ten years to `left-pad`, are there more successful attacks now than ever? I would suspect so, and surely the value of a successful attack has also increased, so are we actually getting better as a broad community at detecting them before package release? It's a complex space, and commercial software houses should do better, but it seems that whilst there are some excellent commercial products (e.g. CI scan tools), generally accessible, idiot-friendly tooling is somewhat lacking for projects which start as hobby/amateur code but end up being a dependency in many other projects.