A supply chain attack hit NPM: threat actors compromised 16 popular Gluestack packages, affecting 950K+ weekly downloads. Researchers from Aikido Security discovered a new supply chain attack targeting NPM, compromising 16 popular Gluestack ‘react-native-aria’ packages with over 950K weekly downloads. The attack began on June 6 at 4:33 PM EST with a malicious update to […]

Our Malware Intelligence team has detected an active and ongoing attack against packages on npm against the @react-native-aria/ scope. Combined, the 13 affected packages have more than 650.000 downloads per week each.
— Aikido Security (@AikidoSecurity) June 7, 2025
Published: 2025-06-08T13:35:00