THREAT OPS › Threat News › Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp
Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp
A new npm worm is abusing binding.gyp to trigger node-gyp during install, letting malicious packages run code without lifecycle scripts. It steals credentials, persists in GitHub, and self-propagates across maintainers.