npm Supply Chain Attack: How the ‘Color’ Package Breach Exposed Cryptocurrency Vulnerabilities

13 hours ago 高效码农

Major npm Supply Chain Attack: Popular “color” Package Compromised to Steal Cryptocurrency

A sophisticated phishing attack against a key open-source maintainer led to malicious versions of widely used JavaScript libraries being published on npm, putting millions of users at risk.

On September 8, 2025, the JavaScript ecosystem faced a significant security crisis. The npm account of developer Josh Junon (username qix) was compromised, leading to the publication of backdoored versions of multiple popular packages under his maintenance. This incident highlights the fragile nature of our open-source software supply chain and how targeted attacks against maintainers can have widespread consequences.

How …