Supply-chain threat intelligence

Incident detail

criticalnpm·dependency confusion·osv

Malicious code in better-tailwindcss (npm)

better-tailwindcss

Risk score

92

AI summary

Indexed incident for better-tailwindcss (npm).

Description

The package publishes under the name of the legitimate better-tailwindcss project but its package.json declares both a runtime and dev dependency on better-tailwindcss resolved from http://pack.nppacks.com/npm/better-tailwindcss — a plain-HTTP, non-registry host with no integrity hash and no TLS. On npm install, npm fetches and installs that arbitrary, mutable tarball, and any install/postinstall scripts inside it execute on the installer's machine. The shipped code itself is a Babel plugin clone unrelated to the real better-tailwindcss project (a tailwind ESLint plugin) and carries a self-label describing the package as being for 'Security Research Testing Purpose,' confirming it is a namespace squat used as a delivery vehicle for code hosted at pack.nppacks.com.

Technical details

Affected versions

=4.6.3

Indicators

  • affected version=4.6.375%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents