India, Feb. 27 -- Tenable Research has identified an npm supply chain attack involving a malicious package uploaded to the public npm registry. The package, named "amber-src," was designed to imitate the legitimate "ember-source" package and was downloaded approximately 50,000 times before removal.
The incident underscores the speed and scale at which modern supply chain attacks can spread within developer ecosystems.
What makes this npm supply chain attack distinct is its execution method. The malware did not require developers to run the package after installation. Instead, a hidden preinstall script executed automatically the moment the installation command was entered.
While users observed a standard installation progress indicator...