Microsoft flags 33 dependency-confusion npm packages
The payload ran during install, making package resolution and lifecycle-hook policy the control points that matter before endpoint triage begins.
TL;DR
Microsoft Threat Intelligence says a threat actor published 33 malicious npm packages on May 28 and 29 under three maintainer aliases, impersonating internal packages across nine organizational scopes. The packages used spoofed GitHub Enterprise, Jira and documentation metadata, then ran an obfuscated postinstall stager to profile developer environments and exfiltrate context. npm removed the repositories and users after Microsoft reported its findings.
Microsoft’s useful finding is not just that another npm cluster was malicious. It is where the campaign tried to win: before code review, before runtime monitoring, and before a developer had any reason to think the package was outside the organization. The packages mirrored internal corporate namespaces, spoofed enterprise-looking metadata in package.json, and relied on npm’s default of running lifecycle scripts during install to execute a postinstall stager. That stager fetched a roughly 17 KB JavaScript dropper from attacker-controlled command-and-control infrastructure, then collected system information, hostnames, environment variables and developer context, according to Microsoft.
For federal contractors and regulated enterprises, the immediate question is less exotic than the payload name. Check whether npm clients on workstations and CI runners can resolve a private scope from the public registry at all: every internal scope should be pinned to the internal registry in .npmrc, and the lockfile’s resolved URLs should agree with that pin. Audit npm lifecycle hooks (preinstall, install, postinstall) on developer workstations and in continuous integration and continuous delivery pipelines, since they run with the installing user’s privileges before anyone reviews the code. Review registry and proxy logs for the maintainer aliases Microsoft named, mr.4nd3r50n, ce-rwb and t-in-one, and for the nine organizational scopes Microsoft listed. The campaign’s reported RECON_ONLY flag matters because reconnaissance was a staging choice, not a safety feature.
This also lands in a noisy week for developer-supply-chain security. CISA warned on May 28 that recent campaigns were targeting CI/CD pipelines, code extensions and workflows, including malicious Nx Console activity and the “Megalodon” GitHub Actions campaign, https://www.cisa.gov/news-events/alerts/2026/05/28/supply-chain-compromises-impact-nx-console-and-github-repositories. Microsoft has also published separate late-May findings on typosquatted npm packages stealing cloud and CI/CD secrets and compromised @antv packages targeting GitHub Actions credentials. The pattern is not subtle: attackers are treating developer environments as production infrastructure with weaker admission control.
Published · Deep Fathom