Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc.
According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious -

[email protected]
[email protected]
[email protected]

"Early analysis indicates that [email protected], [email protected], and [email protected]



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/05/stealer-backdoor-found-in-3-node-ipc.html