Segmentation Fault

Not pretty, not Windows-only: npm phishing attack laces popular packages with malware

The "is" package was infected with cross-platform malware after a scam targeting maintainers

The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.

Published: 2025-07-24T10:01:05

Today's Core Dump is brought to you by ThreatPerspective

Not pretty, not Windows-only: npm phishing attack laces popular packages with malware

The "is" package was infected with cross-platform malware after a scam targeting maintainers