npm Security Risks: Most Vulnerable Packages in 2026

Updated March 2026

The most vulnerable npm packages in 2026 include lodash, cross-spawn, gun.js, puppeteer transitive chains, and several widely used testing utilities carrying unpatched dependencies. In 2025, over 99% of all open source malware occurred on npm (Sonatype, 2026 State of the Software Supply Chain). Open source registries processed 9.8 trillion downloads across Maven Central, PyPI, npm, and NuGet, and attackers published 454,648 new malicious packages in a single year.

That number is not a typo. Nearly half a million malicious packages in twelve months.

The average npm project pulls in 79 transitive dependencies (DEV Community, 2025). A single compromised package can cascade through millions of downstream applications within hours. If your applications depend on npm, and they almost certainly do, understanding where the risks are and how to detect them is no longer optional.

Stay ahead of npm security threats. Subscribe to CyberDesserts for practical security content when it matters.

Most Vulnerable npm Packages

Developers searching for which npm packages carry the most risk need specifics, not generalisations. The following packages appear consistently in npm audit reports, CVE databases, and security research. This list is based on CVE frequency, severity scores, dependency reach, and real-world exploitation.

Sources: Snyk Vulnerability Database (security.snyk.io), NVD, GitHub Security Advisories. Download figures from npm registry and Socket.dev, March 2026.

Source: NVD, npm advisories, Snyk vulnerability database, Sonatype research. Data current as of March 2026.

A few patterns stand out. The packages that cause the most real-world pain are not necessarily the ones with the flashiest CVEs. It seems for enterprise security teams, the packages that consistently trigger audit failures and slow down release pipelines are testing utilities (nyc, c8, istanbul) and build tools (webpack-dev-middleware, npm-run-all) carrying transitive vulnerabilities that nobody explicitly installed.

The September 2025 supply chain attack compromised chalk, debug, and 16 other packages with a combined 2.6 billion weekly downloads (Varonis, 2025). Those packages were not "vulnerable" in the traditional CVE sense. They were hijacked. That distinction matters for how you scan and what you scan for.

Is npm Safe to Use?

Yes, but with significant caveats. The npm registry itself has not been compromised. Individual packages within it have been, repeatedly, and at massive scale.

Here is what makes npm risky in 2026:

• 454,648 new malicious packages were published in 2025 alone (Sonatype, 2026)
• 99.8% of Q4 2025 malware originated from npm, making it the most heavily targeted ecosystem by a wide margin (Sonatype, 2026)
• The first self-replicating npm worm (Shai-Hulud) spread autonomously across 500+ packages in September 2025, then returned in November with more sophisticated payloads (Wiz, 2025)
• State-sponsored actors are industrialising attacks. Sonatype identified 800+ Lazarus Group-associated packages in 2025, with 97% concentrated on npm (Sonatype, 2026)

Here is what makes npm manageable:

• Lockfiles and version pinning prevent surprise updates pulling malicious code
• Behavioural analysis tools (Socket, Aikido) detect malicious intent before CVEs are assigned
• npm ci in CI/CD pipelines ensures reproducible builds from lockfiles
• Cooldown periods on new package versions catch most compromises within hours

The ecosystem is not broken. But treating npm install as a safe operation without guardrails is no longer defensible. If you are running production applications on npm dependencies, you need scanning, pinning, and monitoring in place. Not next quarter. Now.

For a practical walkthrough of auditing your dependency tree, see our guide to auditing the npm supply chain.

npm Ecosystem in 2026

How big is npm? The numbers matter because scale drives both the ecosystem's value and its attack surface.

The sheer volume creates a paradox. More packages means more innovation. It also means more attack surface, more abandoned code, and more transitive risk that nobody is actively tracking.

In Q4 2025, the IndonesianFoods campaign generated over 100,000 malicious packages in just a few days by creating a new package every seven seconds (Sonatype, 2026). That single campaign effectively doubled the total volume of malware on npm. Traditional registry protections cannot keep pace with that velocity.

Types of npm Vulnerabilities

Research analysing over 31,000 vulnerabilities across ecosystems from 2017 to 2025 reveals distinct patterns in npm (arXiv, 2025). The following are ordered by prevalence.

Embedded Malicious Code (CWE-506)

Embedded malicious code represents 48.58% of all npm vulnerabilities, the single largest category (arXiv, 2025). These are not coding errors. These are packages published with harmful intent from the start.

Malicious packages in npm surged from 38 reports in 2018 to over 2,168 in 2024 (arXiv, 2025). Snyk identified over 3,000 malicious npm packages in 2024 alone, with JavaScript remaining the most targeted ecosystem into 2025 (Snyk, 2025). By Q4 2025, the number had exploded further, with Sonatype blocking 120,612 malware attacks in a single quarter (Sonatype, 2026).

Common tactics include typosquatting (publishing packages with names like lodahs hoping developers mistype lodash), dependency confusion (publishing internal package names to public registries), and star-jacking (cloning popular repositories to build false credibility). Research shows 71.2% of malicious packages use long names with more than 10 characters, and 67.3% include dashes, mimicking legitimate naming conventions (arXiv, 2025).

For detailed analysis of how these attacks work, see our guide to auditing the npm supply chain.

Supply Chain Attacks

Supply chain attacks compromise legitimate packages rather than publishing new malicious ones. By targeting trusted maintainers or build infrastructure, attackers gain access to packages with established user bases. This is why the September 2025 attack was so devastating.

The September 2025 npm supply chain attack compromised 18 popular packages including chalk and debug, collectively downloaded over 2.6 billion times weekly (Varonis, 2025). The Shai-Hulud worm demonstrated self-propagating behaviour, using stolen npm tokens to automatically inject malicious code into other packages the compromised developer maintained (Unit 42, 2025). CISA issued an official alert recommending organisations pin dependencies to pre-September 2025 versions and rotate all developer credentials (CISA, 2025).

The second wave landed in November 2025. Shai-Hulud 2.0 shifted from post-install to pre-install execution, dramatically widening its impact. Over 25,000 malicious repositories were created across roughly 350 GitHub users, with popular projects from Zapier, ENS Domains, PostHog, and Postman temporarily trojanised (Wiz, 2025). A third variant was spotted in December 2025, suggesting the attackers retained access to the original source code (Aikido, 2026).

Supply chain attacks averaged just under 13 per month during early 2024 but rose to over 16 per month from October 2024 to May 2025, with some months reaching nearly 25 (Reflectiz, 2025).

For analysis of specific incidents, see our coverage of the Shai-Hulud npm attack.

Prototype Pollution (CWE-1321)

Prototype pollution appears in 560 reports specific to npm, a JavaScript-unique vulnerability class caused by the language's prototype inheritance model (arXiv, 2025).

JavaScript objects inherit properties from prototypes. When attackers manipulate __proto__, constructor, or prototype attributes, they can inject malicious properties that affect every object in the application. Consequences range from denial of service to remote code execution. Server-side prototype pollution is particularly dangerous, enabling full remote code execution without authentication in affected Node.js applications.

Multiple high-profile libraries were affected in 2024, including web3-utils (CVE-2024-21505), dset (CVE-2024-21529), and uplot (CVE-2024-21489). The 2025 Sveltekit vulnerability (CVE-2025-55182) demonstrated how prototype pollution in frameworks can enable remote code execution (Aikido, 2025).

Prevention: Use Object.create(null) for objects handling user input. Validate JSON input with schemas. Avoid unsafe recursive merge functions. Consider using Map instead of plain objects for user-controlled data.

Regular Expression Denial of Service (ReDoS)

ReDoS vulnerabilities exploit inefficient regular expressions that consume excessive CPU when processing malicious input. An attacker can crash applications or cause significant performance degradation with crafted strings.

The cross-spawn package vulnerability (CVE-2024-21538) affected millions of projects through transitive dependencies, demonstrating how ReDoS in widely used utilities creates broad exposure (Snyk, 2024). Similar vulnerabilities appeared in @eslint/plugin-kit (CVE-2024-21539), es5-ext (CVE-2024-27088), and micromatch (CVE-2024-4067).

ReDoS is particularly insidious because the vulnerable code often appears harmless during development but becomes a security issue under adversarial conditions. The Node.js runtime has addressed several ReDoS vulnerabilities in core packages through 2024 and 2025 security releases (Node.js, 2024).

Path Traversal

Path traversal allows attackers to access files outside intended directories by manipulating file paths. Despite being well-documented since the 1990s, these vulnerabilities increased 85% in closed-source projects from 2023 to 2024 (Aikido, 2024).

The webpack-dev-middleware vulnerability (CVE-2024-29180) allowed arbitrary file access on developer machines through insufficient URL validation. Node.js itself addressed multiple path traversal issues in 2024 and 2025, including CVE-2024-21896 and CVE-2025-27210 for Windows device name handling (Node.js Security Releases, 2024-2025).

Prevention: Never concatenate user-supplied paths directly. Apply URL decoding before path resolution. Use allowlists rather than blocklists. Set strict base directories and validate all paths are relative to them.

Command Injection

Command injection occurs when user input is passed unsanitised to system commands. The BatBadBut vulnerability (CVE-2024-27980) in Node.js demonstrated how improper handling of batch files on Windows could enable arbitrary command execution even without the shell option enabled (Node.js, 2024).

This vulnerability class affects applications using child_process.spawn, child_process.exec, or similar APIs without proper input sanitisation. Attackers can chain commands using characters like ;, |, or && to execute arbitrary code on the server.

Transitive Dependency Vulnerabilities

You never installed these packages. They run in your application anyway.

A typical npm project has dozens of direct dependencies and hundreds of transitive dependencies. Snyk's 2024 research found only 24% of organisations are confident in the security of their direct dependencies, and just 37% report that dependencies are easy to track (Snyk/Linux Foundation, 2024). Only 25% of teams track only direct dependencies, with almost 5% tracking none at all (Snyk, 2024).

This is why scanning only direct dependencies provides incomplete visibility. The vulnerability might be three or four levels deep in your dependency tree, invisible unless you specifically analyse the complete SBOM.

Abandoned and Unmaintained Packages

Packages that have not been updated in over 1,000 days are effectively unmaintained. When vulnerabilities are discovered, no patches will be forthcoming.

Research shows the time a vulnerability remains in the ecosystem before being fixed has increased by 95% from 2017 to 2024 (arXiv, 2025). Several critical vulnerabilities in 2024 took over 500 days to fix (Sonatype, 2024). 80% of application dependencies remain un-upgraded for over a year, even when 95% of vulnerable components have fixed versions available (Sonatype, 2024).

Monitoring package freshness is as important as scanning for known CVEs. If the last commit was two years ago and there are open security issues, that package is a liability regardless of what npm audit says.

How npm Packages Get Compromised

Understanding attack vectors helps focus defensive efforts on the most likely entry points. The 2025 attack campaigns revealed just how many ways a trusted package can turn malicious overnight.

Maintainer Account Compromise

The September 2025 npm attack began with a phishing email from npmjs.help, a domain registered specifically for the campaign (Varonis, 2025). The fake login page captured credentials and 2FA tokens through adversary-in-the-middle techniques. One compromised maintainer account cascaded into billions of affected downloads.

Two-factor authentication helps but is not foolproof. Hardware security keys and FIDO-based authentication provide stronger protection against phishing. The vendor pitch says "enable 2FA and you are protected." The reality is that token-stealing proxy attacks bypass TOTP codes entirely. Only phishing-resistant MFA (hardware keys, passkeys) actually stops this class of attack.

Automated Installation in CI/CD Pipelines

CI/CD pipelines and automated builds that run npm install without version pinning can pull malicious updates automatically. The Shai-Hulud attack specifically targeted CI/CD environments, using GitHub Actions workflows to propagate across repositories (Unit 42, 2025).

Using npm ci instead of npm install in production pipelines ensures you only install exactly what is in your lockfile. It fails if the lockfile is out of sync with package.json rather than silently updating. That failure is a feature, not a bug.

AI-Assisted Attack Generation

Security researchers observed AI-generated payloads in recent npm attacks. Unit 42 noted they are "moderately confident that the attackers used AI to generate the malicious script, given the use of comments and emojis" in the Shai-Hulud payload (Unit 42, 2025). The s1ngularity attack also showed signs of AI generation (InfoQ, 2025).

Sonatype's 2026 report adds another dimension: 28% of LLM-assisted dependency upgrades were hallucinations, recommending non-existent package versions (Sonatype, 2026). AI is not just helping attackers. It is also creating new attack surface through developer tooling.

Self-Replicating Worm Behaviour

The Shai-Hulud campaigns introduced a genuinely new threat model to npm. When the malware found npm tokens on a compromised machine, it automatically published malicious versions of every package that token had access to (Wiz, 2025). No human intervention required. The worm spread itself.

This changes the risk calculus fundamentally. A single compromised developer machine can now trigger a cascade affecting every package that developer maintains. Shai-Hulud compromised 500+ packages in days using this technique. The second wave affected projects from Zapier, PostHog, Postman, and ENS Domains before containment (Wiz, 2025).

How to Detect Vulnerable npm Packages

Multiple tools exist for vulnerability detection. Each has strengths and blind spots. Having worked with dozens of enterprise teams on this exact problem, I can tell you that the organisations with the best track records use at least two complementary approaches: one reactive (known CVEs) and one proactive (behavioural detection).

npm audit

The built-in npm audit command checks your dependencies against npm's vulnerability database. Free, requires no setup, and integrates with existing npm workflows.

However, npm audit only catches known vulnerabilities after they are reported. It misses newly published malicious packages, recently compromised legitimate packages, and issues not yet in npm's database. It also cannot assess package age or maintenance status.

If npm audit fix is not resolving your vulnerabilities, see our troubleshooting guide for npm audit fix not working.

Building Custom Scanners

Google's deps.dev API aggregates vulnerability data from multiple sources including npm, GitHub, and the Open Source Vulnerabilities database. It provides broader coverage than npm's database alone and is free to use.

For hands-on detection beyond npm audit, I built a custom scanner using the deps.dev API. See the complete tutorial: Build an npm Vulnerability Scanner.

SBOM Analysis

Software Bill of Materials scanning provides visibility into your complete dependency tree. When a new vulnerability is announced, you can immediately identify which applications are affected.

Regulatory requirements are increasing. The EU's Network and Information Systems Directive (NIS2) came into force in October 2024, with similar regulations emerging globally (Sonatype, 2024). Sonatype's 2026 report found that 65% of open source CVEs were not assigned CVSS scores by the NVD, making SBOM-based tracking even more critical when official scoring lags behind disclosure (Sonatype, 2026).

npm Security Scanning Tools Compared

No single tool catches everything. The most effective approach combines reactive scanning (known CVEs) with proactive detection (behavioural analysis, malware detection).

Which Combination Should You Use?

For individual developers: Start with npm audit for baseline coverage. Add Socket's CLI wrapper (alias npm="socket npm") for real-time malware blocking during local development.

For small teams: GitHub Dependabot provides automatic PRs for known vulnerabilities. Pair with Aikido Safe Chain or Socket for supply chain threat detection at install time.

For enterprise: Layer Snyk or Semgrep for comprehensive coverage with Sonatype Repository Firewall or Aikido Safe Chain for proactive blocking. Consider JFrog Xray if using Artifactory for package management.

Not sure where to start building security skills? Try our CyberDesserts Learning Assistant to get personalised guidance on your learning path.

How to Fix npm Vulnerabilities

Detection is only valuable if you act on findings. The gap between knowing about a vulnerability and actually fixing it is where most organisations fail. 95% of the time when vulnerable components are consumed, a fixed version already exists (Sonatype, 2024). The problem is not awareness. It is action.

Version Pinning and Lockfiles

Lock dependencies to exact versions rather than semver ranges. Always commit package-lock.json or yarn.lock. In production pipelines, use npm ci which fails if the lockfile does not match package.json rather than silently updating.

CISA's guidance following the September 2025 attack specifically recommended pinning dependencies to known safe releases produced prior to the attack date (CISA, 2025).

Cooldown Periods

Several tools now support enforcing minimum package age before allowing installation. Aikido Safe Chain offers a 24-hour cooldown option. Packages compromised and then identified typically get removed within hours or days. A cooldown period prevents your builds from pulling malicious versions during that critical window.

Disabling Install Scripts

Many supply chain attacks execute during preinstall or postinstall scripts. The Shai-Hulud 2.0 campaign shifted from post-install to pre-install execution, dramatically widening its impact across developer machines and CI/CD pipelines (Unit 42, 2025).

Running with --ignore-scripts prevents script execution but may break legitimate packages. A more targeted approach is auditing which packages require scripts and allowlisting only those.

Private Registry Solutions

Enterprise teams benefit from private registries that proxy npm with additional controls. JFrog Artifactory provides package approval workflows and curation policies. Nexus Repository offers security scanning integration. Private registries also provide audit trails showing exactly which packages entered your environment and when.

npm Security for Enterprise Teams

Larger organisations face additional challenges managing npm security at scale. The biggest one, in my experience, is not technology. It is the friction between security requirements and developer velocity.

Developer Workflow Integration

Security tools that slow developers down get bypassed. Snyk's research found 52% of teams often fail to meet vulnerability SLA deadlines, with 74% setting unrealistic SLAs of a week or less (Snyk, 2024). Integrate scanning into existing workflows rather than adding separate steps.

Incident Response Planning

The September 2025 attack demonstrated how quickly compromises can cascade. CISA's recommended response includes:

• Conduct dependency review across all software using npm
• Pin versions to known safe releases
• Immediately rotate all developer credentials
• Mandate phishing-resistant MFA on all developer accounts
• Monitor for anomalous network behaviour
• Harden GitHub security by removing unnecessary apps and auditing webhooks

Having these procedures documented before an incident saves critical time during response. The organisations that responded fastest to the September 2025 attack were the ones that already had a supply chain incident playbook. Those that did not spent the first 48 hours figuring out what they even needed to check.

What to Expect from npm Attacks in 2026

The npm threat landscape is evolving in predictable directions based on current attack trends and the Sonatype 2026 report findings.

Self-replicating malware is now established. Shai-Hulud proved the model works. Three variants appeared between September and December 2025. Expect copycats and more sophisticated worm behaviour targeting different credential types beyond npm tokens (Wiz, 2025).

State-sponsored campaigns will intensify. The Lazarus Group published 800+ malicious packages on npm in 2025, with 97% targeting the JavaScript ecosystem specifically (Sonatype, 2026). North Korean operations are treating npm as a revenue channel for the state.

Attack automation will outpace manual defences. The IndonesianFoods campaign created a new malicious package every seven seconds, generating 100,000+ packages in days (Sonatype, 2026). Traditional registry protections cannot match that velocity.

Pre-install attacks will increase. Shai-Hulud 2.0 shifted execution to the pre-install phase. Expect more attacks targeting earlier stages of the installation process, before developers even see a warning (Unit 42, 2025).

AI-generated payloads and AI-created attack surface will converge. Attackers are using LLMs to generate evasive code, while AI coding assistants are hallucinating non-existent package versions that attackers can then register (Sonatype, 2026). Both sides of this problem are accelerating.

The path forward requires proactive security: automated blocking at the point of entry, behavioural analysis that catches intent rather than just known signatures, and a fundamental shift from treating supply chain security as a compliance checkbox to treating it as a core engineering discipline.

Key Takeaways

• Malicious code is the biggest threat. Nearly half of npm vulnerabilities are embedded malicious code, not coding errors. Detection must focus on intentional attacks, not just known CVEs.
• Layer your defences. No single tool catches everything. Combine npm audit with behavioural analysis tools like Aikido or Socket, plus SBOM scanning for full visibility.
• The September 2025 attack changed the game. Self-replicating npm malware is now a proven attack model. Prepare for worm-like propagation, not just individual compromised packages.
• Act on findings quickly. 95% of the time a fixed version already exists. Yet 80% of dependencies remain un-upgraded for over a year.
• State actors are industrialising npm attacks. This is no longer amateur hour. Nation-state groups are running sustained, professional campaigns on npm.

Related Resources

This guide covers npm security comprehensively. For deeper dives into specific topics:

• Build an npm Vulnerability Scanner - Create your own scanner using deps.dev
• Auditing the npm Supply Chain - Understanding supply chain threat patterns
• Shai-Hulud npm Attack - Analysis of the self-propagating worm
• npm audit fix Not Working - Troubleshooting common issues
• Cybersecurity Skills Roadmap - Map your path from beginner to job-ready

The npm threat landscape evolves weekly. Subscribers receive notifications when new attacks emerge and when this guide is updated with new defence strategies. No sales pitches, no fluff.

Frequently Asked Questions

Is npm safe to use in 2026?

Yes, but not without precautions. The npm registry itself has not been compromised, but 454,648 malicious packages were published to it in 2025. Use lockfiles, pin versions, scan dependencies with tools like Socket or Aikido, and run npm ci instead of npm install in CI/CD pipelines.

What are the most vulnerable npm packages?

The most frequently flagged packages include lodash (prototype pollution), cross-spawn (ReDoS), gun.js (path traversal), and testing utilities like nyc and c8 that carry transitive vulnerabilities. Chalk and debug were directly compromised in the September 2025 supply chain attack.

How many npm packages exist in 2026?

The npm registry contains over 3.1 million packages. In 2025, the ecosystem processed 9.8 trillion downloads across all open source registries, with npm being the largest contributor (Sonatype, 2026).

What was the September 2025 npm supply chain attack?

Attackers phished an npm maintainer account and published trojanised versions of 18 popular packages including chalk and debug. The compromised packages had a combined 2.6 billion weekly downloads. The Shai-Hulud worm then used stolen npm tokens to self-replicate across 500+ additional packages.

How do I check if my npm packages are vulnerable?

Run npm audit for a baseline check against known CVEs. For deeper analysis, use Socket or Snyk for behavioural malware detection. Check npm ls to see your full dependency tree including transitive dependencies. Consider building a custom scanner with the deps.dev API for cross-database coverage.

What is the difference between npm audit and tools like Snyk or Socket?

npm audit checks against a single vulnerability database and only catches known, reported CVEs. Snyk offers a larger database with fix guidance. Socket adds behavioural analysis that can detect malicious intent in packages before a CVE is assigned. Layering multiple tools provides the most comprehensive coverage.

Last updated: March 2026

References and Sources

1. Sonatype. (2026). 11th Annual State of the Software Supply Chain Report. 454,648 new malicious packages in 2025; 99% of malware on npm; 9.8 trillion downloads; 800+ Lazarus Group packages; 28% LLM hallucinated versions. Analysis window: January-December 2025.
2. Sonatype. (2026). Open Source Malware Index Q4 2025. 120,612 attacks blocked; 99.8% of Q4 malware from npm; 833% increase in data corruption events; IndonesianFoods campaign analysis.
3. Sonatype. (2024). 10th Annual State of the Software Supply Chain Report. 704,102+ malicious packages since 2019; 156% YoY increase; 4.5 trillion npm requests; 80% dependencies un-upgraded over a year.
4. arXiv. (2025). Open Source, Open Threats? Investigating Security Challenges in Open-Source Software. Analysis of 31,267 vulnerabilities across ecosystems 2017-2025; CWE-506 represents 48.58% of npm vulnerabilities; 560 prototype pollution reports in npm.
5. OWASP. (2025). OWASP Top 10 2025. Software Supply Chain Failures elevated to #3.
6. Unit 42, Palo Alto Networks. (2025). Shai-Hulud Worm Compromises npm Ecosystem. Self-propagating attack analysis; AI-generated payload assessment; pre-install vs post-install attack evolution.
7. CISA. (2025). Alert: Widespread Supply Chain Compromise Impacting npm Ecosystem. Official remediation guidance for September 2025 attack.
8. Wiz Research. (2025). Shai-Hulud 2.0 Supply Chain Attack. 25,000+ malicious repos across ~350 GitHub users; Zapier, PostHog, Postman packages affected; cross-victim exfiltration observed.
9. Varonis. (2025). AI-Generated Phishing: How One Email Triggered a Global NPM Supply Chain Crisis. 2.6 billion downloads affected; phishing campaign analysis; npmjs.help domain.
10. Snyk. (2024-2025). State of Open Source Security Report. 3,600+ malicious packages in 2024; 52% fail vulnerability SLA deadlines; 24% confident in dependency security.
11. Aikido Security. (2025-2026). Safe Chain and Security Research. 6,000+ malicious packages flagged June 2025; Shai-Hulud variant 3 identified December 2025; xrpl compromise detection.
12. JFrog. (2025). Largest npm Attack in History. 18 compromised packages; 2 billion total downloads; $500 actual attacker yield; phishing campaign details.
13. Xygeni. (2025). Malicious Packages 2025 Recap. 3,180 confirmed malicious packages across 2025; automated multi-version publishing trends.
14. FortiGuard Labs. (2025). Malicious Packages Across Open-Source Registries Q2 2025. 1.4 million npm packages scanned; data exfiltration as primary malicious behaviour.
15. GitHub. (2025). GitHub Advisory Database by the Numbers. 2,000+ CVEs published in 2024; fifth-largest CNA in CVE Program.
16. InfoQ. (2025). NPM Ecosystem Suffers Two AI-Enabled Credential Stealing Supply Chain Attacks. s1ngularity and Shai-Hulud attack analysis.
17. Arctic Wolf. (2025). Shai-Hulud Malware Targets Numerous NPM Packages. Second wave analysis November 2025; setup_bun.js payload details.
18. ExtraHop. (2025). 2025 Security Predictions. DevOps ecosystem targeting; CI/CD pipeline risks.
19. Node.js. (2024-2025). Security Releases. BatBadBut (CVE-2024-27980); path traversal fixes; ReDoS mitigations.
20. Reflectiz. (2025). OWASP Top Ten 2025 Guide. Supply chain attack frequency trends 2024-2025.
21. DEV Community. (2025). Essential npm Security Tools. Average 79 transitive dependencies per npm project.