Issue
On September 8th and 9th, 2025, several JavaScript packages hosted via npm were compromised through a sophisticated phishing attack. These packages were modified to detect web3 (cryptocurrency) traffic and redirect transactions to a wallet controlled by the attacker.
How we investigated
Once we became aware of the attack, we used Software Composition Analysis (SCA) to search our codebase for any affected packages. We also conducted a comprehensive manual triage of both the direct and transitive dependencies used in our software.
Conclusion
Both the SCA reports and our manual triage showed no instances of affected packages anywhere inside our codebase. Therefore, we can confirm that no Posit product contains compromised packages.
Reference Links
https://snyk.io/blog/npm-supply-chain-attack-via-open-source-maintainer-compromise/
https://jfrog.com/blog/new-compromised-packages-in-largest-npm-attack-in-history/