Category
15 posts in this category.
Attack post-mortem
January 2022: the original maintainer of colors and faker shipped sabotaged versions to npm. Same publisher, no postinstall, no exfil — just an infinite loop in the main module. Three Veln signals fire on replay; the cooling window and file-tree drift do the work. Verdict: BLOCK.
Attack post-mortem
node-ipc@10.1.1 in March 2022 deleted files on machines geolocated to Russia or Belarus. The payload was IP-gated — the exact pattern our env-gated-risky-execution signal exists to catch. Five signals fire on replay; the LOL signal anchors the verdict at BLOCK.
Attack post-mortem
In January 2022, the developer of colors.js and faker.js deliberately shipped broken, infinite-loop versions of both packages. Here's what happened and what it means for supply chain trust.
Attack post-mortem
October 2021: a compromised npm publisher account pushed malicious versions of ua-parser-js to three different majors in five hours. Maintainer fingerprint does NOT change (the account was compromised, not handed off). Six other signals do. Verdict: BLOCK on all three coords.
Attack post-mortem
We replayed the November 2018 event-stream compromise against the current Veln agent. Five trust signals fire, the score lands at 0.18, the gate returns 403. Here is the signal-by-signal breakdown of what catches it — and the two signals that do not.
Attack post-mortem
In March 2022, the node-ipc npm package was modified to delete files on computers in Russia and Belarus. Here's what happened, why it was unprecedented, and what it means for supply chain trust.
Attack post-mortem
SolarWinds is the most famous supply chain attack. Here's what actually happened, how it compares to npm and PyPI attacks, and what lessons apply to package manager security.
Attack post-mortem
Self-replicating npm worms scrape publish tokens from infected developer machines and use them to publish malicious versions of every package those tokens can reach. Here is the propagation pattern, why it scales, and what reduces the blast radius.
Attack post-mortem
In November 2024, aiocpa — a Python library for the CryptoPay API — had a malicious update published that exfiltrated seed phrases and private keys. Here's the full breakdown.
Attack post-mortem
PyTorch nightly builds briefly pulled a malicious torchtriton package from public PyPI instead of the internal one. The mechanism is the canonical dependency-confusion attack, and it still works today.
Attack post-mortem
Three versions of ua-parser-js were briefly published with cryptominer and credential-stealer payloads after the maintainer’s npm account was taken over. A clean illustration of how reach amplifies short exposure windows.
Attack post-mortem
In 2024, a malicious version of litellm was published to PyPI and downloaded by developers in less than 5 minutes. Here's what happened, how it worked, and how Veln would have caught it.
Attack post-mortem
The xz utils backdoor was 29 months in the making. The exposure window was approximately 5 hours. Here's the complete timeline and what it teaches us about supply chain security.
Attack post-mortem
The canonical maintainer-handoff supply-chain attack. A polite stranger took over an unmaintained npm package, added a transitive dependency, and shipped a payload that ran only inside one specific cryptocurrency wallet.
Attack post-mortem
In May 2022, two long-stable open-source packages were modified to exfiltrate environment variables. Both fell to the same vector: their maintainers’ email domains had expired and been re-registered.