PhantomRaven campaign places malicious code in 126 npm packages

Cybersecurity researchers have identified an active software supply chain campaign that has placed malicious code in more than 100 packages on the npm registry, enabling theft of authentication tokens, CI/CD secrets and GitHub credentials from developers’ machines. The campaign, codenamed PhantomRaven by Koi Security, appears to have begun in August 2025 and has grown to 126 libraries with over 86,000 installs.

Security firm DCODX has flagged several of the packages, including op-cli-installer, unused-imports, badgekit-api-client, polyfill-corejs3 and eslint-comments, and published details of the findings and download counts for each on its website.

Researchers say the attacker hides malicious code by pointing package dependencies to a custom HTTP location so npm fetches code from an external, attacker-controlled host (identified in analysis as packages.storeartifact[.]com) rather than from npmjs.com, a technique that can evade static dependency analysis. Security researcher Oren Yomtov noted that “npmjs[.]com doesn’t follow those URLs,” making the remote dynamic dependencies invisible to many automated scanners.

The malicious packages include pre-install hooks that retrieve a remote dynamic dependency and execute the payload during installation. The payload is reported to enumerate the developer environment for email addresses, CI/CD configuration details and a system fingerprint, including public IP address, and to exfiltrate that data to a remote server.
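Added example, not code from the article or from Koi Security or DCODX: a Node.js audit that flags the two traits described above, dependency specs given as HTTP(S) URLs (which npm fetches from that host rather than from the registry, so registry-only scanners never see them) and install-time lifecycle scripts, and that also checks a package-lock's `resolved` URLs against an assumed trusted-host list so transitive dependencies are covered. The sample manifest, lockfile, package names and hosts are constructed placeholders.

```javascript
// Added example, not code from the article or from Koi Security / DCODX:
// audit an npm manifest and lockfile for the two traits the campaign relies on.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
// Assumption: only the public registry is trusted; add private mirrors as needed.
const TRUSTED_HOSTS = new Set(['registry.npmjs.org']);

// Flag dependency specs that are HTTP(S) URLs (remote dynamic dependencies,
// fetched from that host instead of the registry) and lifecycle scripts that
// npm runs automatically at install time.
function auditManifest(manifest) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (/^https?:\/\//i.test(spec)) {
        findings.push({ kind: 'remote-dependency', field, name, host: new URL(spec).hostname });
      }
    }
  }
  for (const hook of INSTALL_HOOKS) {
    const cmd = manifest.scripts && manifest.scripts[hook];
    if (cmd) findings.push({ kind: 'install-hook', hook, cmd });
  }
  return findings;
}

// Lockfile (v2/v3) check: every "resolved" URL should point at a trusted host,
// including transitive dependencies the manifest itself never names.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!entry.resolved) continue; // root entry and file: links have no resolved URL
    const host = new URL(entry.resolved).hostname;
    if (!TRUSTED_HOSTS.has(host)) findings.push({ kind: 'untrusted-resolved', path, host });
  }
  return findings;
}

// Constructed samples; names and hosts are placeholders, not campaign artifacts.
const SAMPLE_MANIFEST = {
  name: 'example-app', version: '1.0.0',
  dependencies: { lodash: '^4.17.21', 'helper-lib': 'http://artifacts.example.invalid/helper-lib.tgz' },
  scripts: { preinstall: 'node setup.js', test: 'mocha' },
};
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  'node_modules/lodash': { version: '4.17.21', resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz' },
  'node_modules/helper-lib': { version: '1.0.0', resolved: 'http://artifacts.example.invalid/helper-lib.tgz' },
} };

console.log(JSON.stringify([...auditManifest(SAMPLE_MANIFEST), ...auditLockfile(SAMPLE_LOCK)], null, 2));
```

Running installs with `npm install --ignore-scripts` in CI prevents the lifecycle hooks from executing automatically, but the URL dependency is still downloaded, so the lockfile host check is the control that catches the remote fetch itself.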

Koi Security said the attacker has used so-called slopsquatting – registering plausible but non-existent package names that can be suggested by large language models – to lure developers into installing the trojanized libraries. DCODX warned that the npm ecosystem’s low friction for publishing and the automatic execution of lifecycle scripts at install time can let such code execute without developer awareness.