Software Supply Chain Attack Hits Thousands of Apps
The attackers reportedly impersonated high-traffic npm modules with slightly altered names. Many of the packages were published by ionic.io; however, the original and legitimate publisher is ionicons. Ionicons is a popular open source icon set that boasts more than 1,000 icons for web, iOS, Android, and desktop. Although the full extent of the campaign remains unclear, it touches on systemic challenges that face developers deploying open-source components.
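
A defender-side check for the name impersonation described above, as an added example that is not from the article or the ionicons project: it flags dependencies whose names sit within a small edit distance of a package the project trusts, and reports the publisher next to the one expected. The lookalike names, the `example-ui-kit` entry, and the function names are constructed for illustration; only `ionicons` and `ionic.io` come from the article.

```javascript
// Packages the project intends to depend on, mapped to the publisher it expects.
// "ionicons" is from the article; "example-ui-kit"/"example-org" are constructed.
const TRUSTED = new Map([
  ["ionicons", "ionicons"],
  ["example-ui-kit", "example-org"],
]);

// Levenshtein distance using a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Ignore case and separators so "Ionic-Ons" compares equal to "ionicons".
const normalize = (name) => name.toLowerCase().replace(/[-_.]/g, "");

// Flag any dependency that is not a trusted name but sits within maxDistance of one.
function findLookalikes(deps, maxDistance = 2) {
  const findings = [];
  for (const { name, publisher } of deps) {
    if (TRUSTED.has(name)) continue;
    for (const [trusted, expectedPublisher] of TRUSTED) {
      const distance = editDistance(normalize(name), normalize(trusted));
      if (distance <= maxDistance) {
        findings.push({ name, resembles: trusted, distance, publisher, expectedPublisher });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample input (name plus publisher as recorded in registry metadata).
const SAMPLE_DEPS = [
  { name: "ionicons", publisher: "ionicons" },
  { name: "ionicon", publisher: "ionic.io" },
  { name: "ionic-ons", publisher: "ionic.io" },
  { name: "express", publisher: "constructed-publisher" },
];

console.log(findLookalikes(SAMPLE_DEPS));
```

Run against a lockfile's resolved names in CI, a finding with distance 0 means the name differs from a trusted one only by case or separators.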