malware npm

@ctrl/tinycolor

discovered 2025-09-16

@ctrl/tinycolor is identified in the SafeDep analysis "npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More". npm supply chain attacks continue, this time targeting @ctrl/tinycolor and multiple other packages with credential-stealer malware. In this blog, we will analyze the attack and its impact on the npm ecosystem. We will also look at common attack patterns that are being used to target maintainers.

Threat types

credential_stealer data_exfiltration

Malicious versions

  • 4.1.1

Campaigns

Indicators

Techniques
