Malicious npm Packages Target React, Vue, and Vite Developers
2025-05-22
Security researchers have uncovered malicious npm packages targeting the ecosystems of JavaScript developers using React, Vue, and Vite. These packages contained payloads designed to detonate on specific dates in 2023, with some having no termination date, creating a persistent threat. The attacker also uploaded legitimate packages to create a facade of legitimacy. Affected developers should immediately inspect their systems to ensure the malicious packages have been removed.