Embedded Malicious Code (CanisterWorm)
This package version was compromised as part of the CanisterWorm supply chain attack, which originated from the Trivy security scanner compromise by threat actor TeamPCP on March 19, 2026. The malicious code deploys a persistent backdoor via systemd, exfiltrates npm tokens and credentials, and uses an Internet Computer Protocol (ICP) canister as a dead-drop C2 server. Any computer that has this package installed or running should be considered fully compromised. …