Concise Cyber

PhantomRaven Malware Campaign Infects 126 npm Packages to Steal GitHub Tokens

Cybersecurity researchers have identified an active software supply chain attack targeting the npm registry, involving a campaign codenamed PhantomRaven. Discovered by Koi Security, this operation has deployed over 100 malicious packages specifically engineered to compromise developer environments. The primary objective of the malware is to exfiltrate valuable assets such as authentication tokens, secrets from Continuous Integration/Continuous Deployment (CI/CD) pipelines, and GitHub credentials directly from developers’ machines.

Campaign Scope and Timeline

The activity associated with PhantomRaven is assessed to have begun in August 2025, which is when the first malicious packages were uploaded to the public repository. Over the following months, the campaign escalated significantly, ballooning to a total of 126 distinct malicious npm libraries. This collection of packages has been installed by developers more than 86,000 times, demonstrating the extensive reach of the attack within the software development community. The ongoing nature of the campaign indicates a persistent threat to users of the npm ecosystem.

Attack Method and Flagged Packages

What makes the PhantomRaven attack particularly notable is its method of payload delivery. The attackers concealed the malicious code within the packages' dependencies: instead of bundling the code in the published package, they declared a dependency that points to a custom HTTP URL. This causes the npm client to fetch the malicious components from an untrusted, attacker-controlled website during installation, so the payload is not present in the registry copy of the package that a registry-side review would inspect. The DevSecOps company DCODX has also flagged several of the packages involved. Among those identified are op-cli-installer (486 downloads), unused-imports (1,350 downloads), badgekit-api-client (483 downloads), polyfill-corejs3 (475 downloads), and eslint-comments (936 downloads).
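The delivery trick described above leaves a visible trace in the package manifest: a dependency whose version field is an HTTP(S) URL instead of a registry version range. The following Node.js script is an added example written for this article, not code from Koi Security, DCODX or the campaign itself. It walks a parsed package.json for dependency specs that npm would fetch from outside the registry, and separately checks a package-lock.json "packages" map for entries whose "resolved" URL is not on the registry host. The sample manifest and lockfile are constructed inline, and the `.invalid` hostnames are placeholders, not indicators from the campaign.

```javascript
// Added example (not from the article, Koi Security or DCODX): flag npm
// dependencies that resolve from an HTTP(S) URL or a git host rather than
// the registry, which is the delivery channel the article describes.
'use strict';

const DEP_FIELDS = [
  'dependencies',
  'devDependencies',
  'optionalDependencies',
  'peerDependencies',
];

// Classify one dependency spec. Registry ranges such as "^1.2.3" or "latest"
// are fine; a spec that makes npm download from an arbitrary host is not.
function classifySpec(spec) {
  if (typeof spec !== 'string') return 'unknown';
  if (/^https?:\/\//i.test(spec)) return 'http-url';            // remote tarball
  if (/^(git\+|git:|github:|gitlab:|bitbucket:)/i.test(spec) ||
      /^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec)) return 'git';        // git URL or user/repo shorthand
  if (/^file:/i.test(spec) || /^\.{0,2}\//.test(spec)) return 'local';
  return 'registry';
}

// Walk every dependency field of a parsed package.json and return the entries
// that would be fetched from outside the registry at install time.
function findRemoteDependencies(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    const deps = pkg[field];
    if (!deps || typeof deps !== 'object') continue;
    for (const [name, spec] of Object.entries(deps)) {
      const kind = classifySpec(spec);
      if (kind === 'http-url' || kind === 'git') {
        findings.push({ field, name, spec, kind });
      }
    }
  }
  return findings;
}

// Lockfile view: lockfileVersion 2/3 package-lock.json records a "resolved"
// URL for each installed package, including transitive ones. Anything not
// resolved from the registry host deserves a look even when the top-level
// package.json is clean, since the URL spec can sit in a transitive dependency.
function findOffRegistryResolved(lock, registryHost = 'registry.npmjs.org') {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || !entry.resolved) continue; // root entry or bundled package
    let host;
    try { host = new URL(entry.resolved).host; } catch { host = null; }
    if (host !== registryHost) findings.push({ path, resolved: entry.resolved });
  }
  return findings;
}

// Constructed sample manifest: one ordinary registry dependency, one HTTP URL
// dependency and one git dependency, all on placeholder (.invalid) hosts.
const SAMPLE_PACKAGE_JSON = {
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    'left-pad': '^1.3.0',
    'helper-utils': 'http://dependency-host.invalid/packages/helper-utils-1.0.0.tgz',
  },
  devDependencies: {
    'build-tool': 'git+https://git.example.invalid/org/build-tool.git',
  },
};

// Constructed sample lockfile matching the manifest above.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/left-pad': {
      version: '1.3.0',
      resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz',
    },
    'node_modules/helper-utils': {
      version: '1.0.0',
      resolved: 'http://dependency-host.invalid/packages/helper-utils-1.0.0.tgz',
    },
  },
};

// Run both checks over the samples and return the total number of findings.
function main() {
  const fromManifest = findRemoteDependencies(SAMPLE_PACKAGE_JSON);
  const fromLock = findOffRegistryResolved(SAMPLE_LOCK);
  for (const f of fromManifest) {
    console.log(`[manifest] ${f.field}: ${f.name} -> ${f.spec} (${f.kind})`);
  }
  for (const f of fromLock) {
    console.log(`[lockfile] ${f.path} resolved from ${f.resolved}`);
  }
  return fromManifest.length + fromLock.length;
}

main();
if (typeof module !== 'undefined') {
  module.exports = { classifySpec, findRemoteDependencies, findOffRegistryResolved, main };
}
```

To use it on a real project, replace the constructed samples with `JSON.parse(fs.readFileSync('package.json'))` and the lockfile, and run the check before `npm install` (for example in a CI step or a pre-install hook). The lockfile pass matters because a URL-based dependency declared two levels down never appears in the top-level manifest but does appear as an off-registry `resolved` entry.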

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forums in our own words with no intention to plagiarise or copy another person's work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You're advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections, concerns or point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
