What are the malicious npm Strapi packages?

36 packages mimicking Strapi CMS plugins, uploaded to steal Guardarian wallet credentials via env sniffing and exfil.

How to check if I'm hit by npm supply chain attack?

Audit node_modules for `@strapi/*` unknowns, grep for Guardarian refs, scan traffic for odd outbound.

Does this affect all Strapi users?

Only if you installed these fakes—stick to official registry, verify hashes.

36 Fake Strapi Plugins Poison npm, Steal Guardarian Wallets

Npm's supply chain just took another hit—36 malicious packages posing as Strapi plugins, laser-focused on draining Guardarian wallets. Developers, wake up: this isn't random.

Open Source Beat Apr 07, 2026 4 min read

Cybersecurity threats in code supply chain with threat modeling visualization

⚡ Key Takeaways

36 malicious packages disguised as Strapi plugins target Guardarian crypto wallets via npm supply chain attack. 𝕏
Attack relies on trusted plugin facade, env probing, and silent exfil—npm's detection lags. 𝕏
Defend with lockfiles, sigs, and behavioral monitoring; predict mandatory SBOMs incoming. 𝕏

Published by

Open Source Beat

Community-driven. Code-first.

#Guardarian #Guardarian malware #Guardarian wallet #Strapi CMS #Strapi CMS attack #Strapi plugins #malicious-packages #npm malicious packages #npm supply chain attack #supply chain security #supply-chain-attack

Worth sharing?

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by DevOps.com

⚡ Key Takeaways

The 60-Second TL;DR

Open Source Beat

Share this article

Worth sharing?

Related Stories

Axios npm Package Serves Up RATs: The Two-Hour Nightmare That Could've Been Yours

Invisible Code Is Now Flooding GitHub. Your Code Review Won't Catch It.

LiteLLM's PyPI Poison: Trivy Scanner Turns Spy in Supply Chain Sneak Attack

Anthropic's One-Line Fumble Leaks Billions in Code

Stay in the loop