RootData Free Push Service: Submit exclusive financing info and upon approval, enjoy free App push notifications. [Contact Now]
API Download the RootData App
People
Search project, VC, person, X account, token, archive.
/
search
FundraisingMarket

The attack on the NPM supply chain has occurred again, with @ctrl/tinycolor releasing a malicious version

Sep 16, 2025 09:31:56

Share to

ChainCatcher message, Scam Sniffer has detected another attack on the NPM supply chain. A malicious version of @ctrl/tinycolor (with 2.2 million downloads per week) has been released, which runs an information-stealing program during the npm postinstall script to scan and steal sensitive data.

This malicious payload abused the legitimate sensitive information scanning tool TruffleHog. Please check if you have downloaded the affected version, pause any installation/updates, and pin the version to a known safe version.

Latest News

Abraxas Capital reduces its BTC holdings, with total losses exceeding 50 million USD while still insisting on shorting

Sep 25, 2025 13:19:06

Real Vision founder: Bitcoin will experience a "five-year cycle" this round, likely peaking in Q2 next year

Sep 25, 2025 13:15:02

Based: Hyperliquid's first Launchpad oversubscribed by 110 times, raising 73 million USD

Sep 25, 2025 13:12:54

Data: "Brother Maji" returned over 30 million USD in contract trading profits in just 6 days

Sep 25, 2025 13:10:51

A certain whale's ETH long position was liquidated again, losing 44 million dollars in 40 days

Sep 25, 2025 13:09:46

Recent Fundraising

More
Melee
$3M Sep 24
BULK
$8M Sep 24
Stablecorp
$3M Sep 24

New Tokens

More
GriffinAI Network GAIN
Sep 24
Pinkfong PINKFONG
Sep 23
Anoma Network XAN
Sep 23

Latest Updates on 𝕏

More
Stani Kulechov Followed X Layer
Sep 24
Alex Svanevik Followed Native Markets
Sep 24
Sandeep Nailwal Followed Onchain
Sep 24