#NPM: Self-Propagating Supply Chain Malware Hijacks npm Packages to Steal Developer Tokens.
Impacted packages:
@automagik/genie
@fairwords/loopback-connector-es
@fairwords/websocket
@openwebconcept/theme-owc
pgserve
also Python xinference compromised:
https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html
Impacted packages:
@automagik/genie
@fairwords/loopback-connector-es
@fairwords/websocket
@openwebconcept/theme-owc
pgserve
also Python xinference compromised:
https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html