Supply Chain Incident
rc npm package malicious release
The rc npm package had malicious versions published that required users to downgrade and inspect systems for suspicious activity.
ConfidenceHigh
Evidence LevelVendor
Attack StagePackage Publish
Source Artifact DivergenceNo
Affected Packages
Affected Releases
No structured records.
Repositories
No structured records.
Organizations
No structured records.
Maintainers
No structured records.
Threat Actors
No structured records.
Campaigns
No structured records.
Build Systems
No structured records.
Distribution Channels
- npm registry
Compromised Accounts
No structured records.
Connected Entities
- npm registry Distribution Channel
- rc Package
References
- Embedded malware in rc GitHub Advisory Database · 2021-11-04