Supply Chain · 2026-05-28

160 npm Packages Compromised. Auto-Update Did This.

Attackers hijacked a maintainer token and pushed malicious code to 160+ npm packages. Every project with auto-update pulled it in automatically. The 'hack' was npm doing what it was designed to do.

My take

This is not a zero-day. This is not some advanced persistent threat. A human lost control of a token, probably from a .env file committed to a public repo or pasted into a chatbot for debugging help, and an attacker used it to push code that ran on install. Auto-update did the rest. The system worked as designed. That's the problem.

Terminal

~/security/notes
# audit your project for known vulnerable packages
$ npm audit --json | jq '.vulnerabilities | length'
14
# check what runs on install
$ npm show some-package scripts
{ preinstall: 'node ./setup.js', postinstall: 'node ./telemetry.js' }
# that postinstall is where the payload hides
# lock your versions. review what you pull in.
# stop npm from running install scripts by default
$ npm config set ignore-scripts true
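
An added example (not from the original post) that automates the two manual checks in the notes above: it lists dependencies whose package.json spec is not a single exact version, and lockfile entries that npm flagged with `hasInstallScript`. The package names, versions and sample manifests are constructed for illustration.

```javascript
// Added example. Sample manifests below are constructed, not from a real project.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

// package.json entries whose spec is a range, tag or URL rather than one exact version.
function floatingDeps(pkg) {
  const out = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT.test(spec)) out.push({ name, spec, field });
    }
  }
  return out;
}

// package-lock.json (lockfileVersion 2/3) entries that npm marked as having a
// preinstall, install or postinstall script.
function installScriptPackages(lock) {
  const marker = "node_modules/";
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || !meta.hasInstallScript) continue; // "" is the root project
    const i = path.lastIndexOf(marker);
    const name = i === -1 ? path : path.slice(i + marker.length);
    out.push({ name, version: meta.version, path });
  }
  return out;
}

const samplePkg = {
  dependencies: { "some-package": "2.1.4", "pad-example": "^1.3.0" },
  devDependencies: { "builder-example": "latest" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/some-package": { version: "2.1.4", hasInstallScript: true },
    "node_modules/pad-example": { version: "1.3.0" },
    "node_modules/some-package/node_modules/@scope/native-example":
      { version: "0.9.1", hasInstallScript: true },
  },
};

console.log("not pinned:", floatingDeps(samplePkg));
console.log("runs code on install:", installScriptPackages(sampleLock));
```

To use it on a real project, replace the sample objects with the parsed contents of package.json and package-lock.json.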

The token was the whole exploit.

There was no buffer overflow. No memory corruption. No clever bypass. Someone had a token with publish access and lost control of it. That's the entire attack chain. No security tool in the world can save you if a human hands over the keys.

AI tools are a new leak vector.

Developers paste error messages, config files, and environment variables into AI tools every day for debugging help. Some of those contain tokens, API keys, and database credentials. Those inputs may be logged, cached, or used for training. A token that leaks into an AI tool is a token that's out of your control. Treat every AI prompt as a potential data exfiltration path.

~/security/notes
# developer pastes this into an AI chatbot for debugging help
$ cat error.log | head -5
Error connecting to database:
host=prod-db.internal.company.com
user=app_service
password=Pr0d_S3cret!2026
SSL=required
# that password is now in someone else's system
# and you have no idea who has access to it

Takeaway

Lock your dependency versions. Disable auto-install scripts. Review what you pull in. And stop pasting tokens, keys, and error logs with credentials into AI chatbots. That's how they leak.