Malicious npm packages detected across Red Hat Cloud Services
- Security
- Open Source
- Developer Tools
- Infrastructure
The linked issue reported malicious npm packages under the `@redhat-cloud-services` scope, with later comments pointing to outside writeups and Red Hat’s bulletin saying these frontend libraries were bundled into some Red Hat container images during product builds. Several commenters said the pattern looks like a CI or GitHub Actions compromise rather than a stolen maintainer password, which matters because modern “trusted publishing” and provenance badges still look clean when the trusted pipeline itself is the thing pushing malware. That pushed the conversation away from “how did this one happen” and toward “what cheap defenses actually reduce damage next time.”
If your org consumes npm, PyPI, or similar registries directly from developer machines or CI, add a minimum package age and run installs in locked-down sandboxes now. Then review your publishing pipeline, because provenance and CI-based release automation do not help if the pipeline itself is what got compromised.
-
github.com
- Discuss on HN