Red Hat Investigates Supply Chain Breach Affecting Official NPM Packages

Red Hat has disclosed a supply chain security incident affecting its official NPM package distribution channel. According to the company's security advisory, dozens of packages published through that channel were found to contain backdoors.

The company is urging any developer or organization that downloaded the affected packages to investigate their environments immediately. The backdoor mechanism and the full scope of the compromise remain under investigation.

Red Hat has not yet published a complete list of affected packages or a timeline of when the malicious code was introduced. Security teams are advised to review their dependency trees, including transitive dependencies, since a backdoored package need not be one an application depends on directly, and to monitor for any unusual behavior in applications using Red Hat's NPM packages.
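The dependency review suggested above can start from the lockfile, which records for every installed package, direct or transitive, the version, the tarball URL it was resolved from, its integrity hash and whether it carries an install script. The following is an added example, not code from Red Hat or from the advisory. It audits a constructed package-lock.json fragment (lockfile version 3 layout) for packages under a placeholder scope; @example-vendor, the package names, versions and hashes are all assumptions standing in for whatever the affected packages actually use, which the page does not name. It flags entries resolved from an unexpected host, entries without an integrity hash, and entries with install scripts.

```javascript
'use strict';

// Added example, not Red Hat's code. Constructed sample package-lock.json
// fragment: the scope "@example-vendor" and every name, version, URL and
// hash below are placeholders.
const SAMPLE_LOCKFILE = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@example-vendor/widget': {
      version: '2.3.1',
      resolved: 'https://registry.npmjs.org/@example-vendor/widget/-/widget-2.3.1.tgz',
      integrity: 'sha512-AAAA',
    },
    'node_modules/@example-vendor/helper': {
      version: '0.9.0',
      resolved: 'https://mirror.example.net/@example-vendor/helper/-/helper-0.9.0.tgz',
      hasInstallScript: true,
    },
    'node_modules/lodash': {
      version: '4.17.21',
      resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz',
      integrity: 'sha512-BBBB',
    },
    // A second, nested copy of a scoped package (npm keeps these when
    // versions conflict); a direct-dependency-only review would miss it.
    'node_modules/lodash/node_modules/@example-vendor/widget': {
      version: '1.0.0',
      resolved: 'https://registry.npmjs.org/@example-vendor/widget/-/widget-1.0.0.tgz',
      integrity: 'sha512-CCCC',
    },
  },
};

// The package name is whatever follows the last "node_modules/" in the
// install path, so nested copies are found as well as top-level ones.
function packageNameFromPath(installPath) {
  const marker = 'node_modules/';
  const idx = installPath.lastIndexOf(marker);
  return idx === -1 ? null : installPath.slice(idx + marker.length);
}

// Walk the lockfile's "packages" map and report every entry under `scope`,
// attaching triage flags. `expectedRegistryHost` is the host tarballs are
// supposed to come from (an assumption to set per environment).
function auditLockfile(lockfile, { scope, expectedRegistryHost }) {
  const findings = [];
  for (const [installPath, entry] of Object.entries(lockfile.packages || {})) {
    const name = packageNameFromPath(installPath);
    if (!name || !name.startsWith(scope + '/')) continue;
    const flags = [];
    let host = null;
    if (entry.resolved) {
      host = new URL(entry.resolved).host;
      if (host !== expectedRegistryHost) flags.push('resolved-off-registry');
    } else {
      flags.push('no-resolved-url');
    }
    if (!entry.integrity) flags.push('missing-integrity');
    if (entry.hasInstallScript) flags.push('install-script');
    findings.push({ path: installPath, name, version: entry.version, host, flags });
  }
  return findings;
}

// Keep only entries that raised at least one flag.
function suspiciousEntries(findings) {
  return findings.filter((f) => f.flags.length > 0);
}

const results = auditLockfile(SAMPLE_LOCKFILE, {
  scope: '@example-vendor',
  expectedRegistryHost: 'registry.npmjs.org',
});
for (const f of results) {
  console.log(`${f.name}@${f.version} (${f.path}): ${f.flags.join(',') || 'ok'}`);
}
```

The flags are triage hints, not verdicts: a package can be backdoored while carrying a valid integrity hash and no install script, so entries that pass still have to be compared against the list of affected packages once Red Hat publishes it. For a real project, replace SAMPLE_LOCKFILE with the parsed contents of the project's own package-lock.json and set the scope and registry host to the values in use.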

This incident adds to a growing list of supply chain attacks targeting open-source package registries, highlighting the ongoing challenges organizations face in securing their software development pipelines.