Scan to download
Home Flash
Calendar
BTC $66,702.13 +1.17%
ETH $1,929.52 +0.70%
BNB $601.90 +0.61%
XRP $1.42 -4.56%
SOL $81.67 -4.53%
TRX $0.2795 -0.47%
DOGE $0.0974 -3.83%
ADA $0.2735 -4.22%
BCH $545.99 +0.76%
LINK $8.64 -2.97%
HYPE $28.98 -1.81%
AAVE $122.61 -3.42%
SUI $0.9138 -6.63%
XLM $0.1605 -4.62%
ZEC $260.31 -8.86%
BTC $66,702.13 +1.17%
ETH $1,929.52 +0.70%
BNB $601.90 +0.61%
XRP $1.42 -4.56%
SOL $81.67 -4.53%
TRX $0.2795 -0.47%
DOGE $0.0974 -3.83%
ADA $0.2735 -4.22%
BCH $545.99 +0.76%
LINK $8.64 -2.97%
HYPE $28.98 -1.81%
AAVE $122.61 -3.42%
SUI $0.9138 -6.63%
XLM $0.1605 -4.62%
ZEC $260.31 -8.86%
Home
Article
Flash
Specials
Columns
ETF
Knowledge Base
Calendar
Activity
Tools

trufflehog

Attacks on the NPM supply chain have occurred again

ChainCatcher message, Scam Sniffer has detected another attack on the NPM supply chain. The package @ctrl/tinycolor (with 2.2 million downloads per week) has released a malicious version that runs an information-stealing program during the npm postinstall script execution to scan and steal sensitive data.This malicious payload abused the legitimate sensitive information scanning tool TruffleHog. Please check if you have downloaded the affected version, pause any installation/update operations, and pin the version to a known safe version.
2025-09-16
Scam Sniffer
NPM
TruffleHog
Copyright © 2023
About Us
Media Kit
Apply column
Privacy Policy
Disclaimer
API
Hiring
Qiong ICP No. 2021009392
Qiong ICP No. 2021009392
app_icon
ChainCatcher Building the Web3 world with innovations.