Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesEarnWeb3SquareMore
Trade
Spot
Buy and sell crypto with ease
Margin
Amplify your capital and maximize fund efficiency
Onchain
Going Onchain, without going Onchain!
Convert & block trade
Convert crypto with one click and zero fees
Explore
Launchhub
Gain the edge early and start winning
Copy
Copy elite trader with one click
Bots
Simple, fast, and reliable AI trading bot
Trade
USDT-M Futures
Futures settled in USDT
USDC-M Futures
Futures settled in USDC
Coin-M Futures
Futures settled in cryptocurrencies
Explore
Futures guide
A beginner-to-advanced journey in futures trading
Futures promotions
Generous rewards await
Overview
A variety of products to grow your assets
Simple Earn
Deposit and withdraw anytime to earn flexible returns with zero risk
On-chain Earn
Earn profits daily without risking principal
Structured Earn
Robust financial innovation to navigate market swings
VIP and Wealth Management
Premium services for smart wealth management
Loans
Flexible borrowing with high fund security
Bitget
News
Another attack targeting the NPM supply chain occurs as @ctrl/tinycolor releases a malicious version

Another attack targeting the NPM supply chain occurs as @ctrl/tinycolor releases a malicious version

ChaincatcherChaincatcher2025/09/16 01:35
Show original

ChainCatcher news, Scam Sniffer has detected another attack targeting the NPM supply chain. The malicious version of @ctrl/tinycolor (with a weekly download volume of 2.2 million) was released, which runs an information-stealing program during the npm postinstall script execution to scan and steal sensitive data.

This malicious payload abuses the legitimate sensitive information scanning tool TruffleHog. Please check if you have downloaded the affected version, suspend installation/update operations, and lock the version to a known safe one.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops
Lock your assets and earn 10%+ APR
Lock now!

You may also like

Trending news

More
1

Deutsche Börse subsidiary launches AnchorNote system, introducing a new model for digital asset custody and trading

2

Crypto Finance, a subsidiary of Deutsche Börse, launches digital asset custody and settlement services

Crypto prices

More
Bitcoin
Bitcoin
BTC
$115,621.77
+0.43%
Ethereum
Ethereum
ETH
$4,508.84
-0.52%
XRP
XRP
XRP
$3.03
+1.60%
Tether USDt
Tether USDt
USDT
$1
-0.03%
BNB
BNB
BNB
$928.99
+1.29%
Solana
Solana
SOL
$235.75
+0.40%
USDC
USDC
USDC
$0.9997
-0.02%
Dogecoin
Dogecoin
DOGE
$0.2661
+1.05%
TRON
TRON
TRX
$0.3457
-0.35%
Cardano
Cardano
ADA
$0.8696
+0.71%
How to sell PI
Bitget lists PI – Buy or sell PI quickly on Bitget!
Trade now
Become a trader now?A welcome pack worth 6200 USDT for new users!
Sign up now
About Bitget
About Bitget Contact us Community Careers Bitget Academy Bitget Blog Bitget Token (BGB) Announcement Center Proof of Reserves Protection Fund Partner links LALIGA partnership MotoGP partnership Blockchain4Youth Blockchain4Her Sitemap
Products
Spot Futures Onchain Margin Earn Spot copy trading Futures copy trading Bot copy trading Bots APIs TraderPro Web3 wallet Fiat OTC Bitget swap Telegram Apps Center Airdrop library
Buy crypto
Buy crypto Buy Bitcoin Buy ETH Buy DOGE Buy XRP Buy BGB Buy SHIB Crypto prices Bitcoin price Ethereum price Solana price chart Calculator Bitcoin ETF Crypto wiki XRP price Pi Network price ADA price Solana price Trump coin price Dogecoin price BRC-20 price
Support
Submit feedback Help Center Verify official channels Anti-scam hub Listing application VIP services Affiliate program Institutional services Asset custody Download data Promotions Referral program Fee schedule Tax filing API
Legal
Law enforcement request Regulatory request Compliance Regulatory license AML/CFT policies Privacy policy Terms of Service Risk disclosure
Scan to download
© 2025 Bitget