Malicious npm packages detected in Red Hat Cloud Services
Original: Malicious npm packages detected across Red Hat Cloud Services
Why This Matters
Major supply chain security incident affecting enterprise Red Hat packages
Multiple npm packages under the @redhat-cloud-services/ scope have been compromised with malicious code. At least 8 packages including chrome, compliance-client, and frontend-components were affected across multiple versions.
Red Hat Cloud Services npm packages have been compromised: malicious releases were detected across the @redhat-cloud-services/ scope. Affected packages include @redhat-cloud-services/chrome (versions 2.3.1, 2.3.2, 2.3.4), compliance-client (4.0.3, 4.0.4, 4.0.6), config-manager-client (5.0.4, 5.0.5, 5.0.7), entitlements-client (4.0.11, 4.0.12, 4.0.14), eslint-config-redhat-cloud-services (3.2.1, 3.2.2, 3.2.4), frontend-components (7.7.2, 7.7.3, 7.7.5), frontend-components-advisor-components (3.8.2, 3.8.4, 3.8.6), and frontend-components-config (6.11.3, 6.11.4, 6.11.6). The issue was reported on GitHub and documented by StepSecurity.
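To check whether a project pins any of the releases listed above, the following added example (not code from the GitHub report or StepSecurity) scans a parsed package-lock.json, including transitive installs. The names `findAffected` and `sampleLock` are hypothetical, the sample lockfile is constructed, and all eight package names are assumed to sit under the @redhat-cloud-services/ scope as the text describes.

```javascript
// Affected releases as listed on this page. Package names are assumed to be
// under the @redhat-cloud-services/ scope, as the page describes.
const SCOPE = "@redhat-cloud-services/";
const AFFECTED = {
  "chrome": ["2.3.1", "2.3.2", "2.3.4"],
  "compliance-client": ["4.0.3", "4.0.4", "4.0.6"],
  "config-manager-client": ["5.0.4", "5.0.5", "5.0.7"],
  "entitlements-client": ["4.0.11", "4.0.12", "4.0.14"],
  "eslint-config-redhat-cloud-services": ["3.2.1", "3.2.2", "3.2.4"],
  "frontend-components": ["7.7.2", "7.7.3", "7.7.5"],
  "frontend-components-advisor-components": ["3.8.2", "3.8.4", "3.8.6"],
  "frontend-components-config": ["6.11.3", "6.11.4", "6.11.6"],
};

// Returns [{ name, version, path }] for every locked install that matches.
// Handles lockfileVersion 2/3 ("packages", keyed by node_modules path, where
// the package name is whatever follows the last "node_modules/") and
// lockfileVersion 1 ("dependencies", nested recursively).
function findAffected(lock) {
  const hits = [];
  const check = (name, version, path) => {
    if (!name.startsWith(SCOPE)) return;
    const listed = AFFECTED[name.slice(SCOPE.length)];
    if (Array.isArray(listed) && listed.includes(version)) hits.push({ name, version, path });
  };
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      const name = entry.name || path.split("node_modules/").pop();
      if (name && entry.version) check(name, entry.version, path);
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        const path = `${trail}node_modules/${name}`;
        if (entry.version) check(name, entry.version, path);
        walk(entry.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}
// Constructed sample lockfile (not from the incident), lockfileVersion 3.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/@redhat-cloud-services/frontend-components": { version: "7.7.3" },
  "node_modules/@redhat-cloud-services/chrome": { version: "2.3.3" },
  "node_modules/x/node_modules/@redhat-cloud-services/compliance-client": { version: "4.0.6" },
} };
console.log(findAffected(sampleLock));
```

Pass it the result of `JSON.parse` on a project's package-lock.json; each returned entry gives the install path, which shows whether the match is a direct or a nested dependency.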