Home / Security updates / Neptune Software not affected by the NPM supply chain attack
Neptune Software not affected by the NPM supply chain attack
Security updates detail rendered from /security-updates/upd_a0a58f43e8ce2ccb.
Overview
| ID | upd_a0a58f43e8ce2ccb |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Neptune Software |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_a0a58f43e8ce2ccb |
| providerId | safebase |
| organizationId | org_99292c293f6cfe99 |
| trustCenterId | tc_8c9d6d7febfec010 |
| title | Neptune Software not affected by the NPM supply chain attack |
| message | Neptune Software not affected by the NPM supply chain attack What happened? On September 8, 2025, attackers compromised the NPM account of a well-known developer through a phishing campaign. They published malicious versions of 18 popular Node.js packages (including chalk, debug, ansi-styles and others) with a hidden crypto-clipper payload. The malware silently replaced cryptocurrency wallet addresses in web3/browser contexts, redirecting funds to attacker-controlled wallets. Why Neptune DXP Open Edition is safe? While Neptune DXP Open Edition is based on Node.js, the corresponding Node.js project—including its dependencies—and bundles everything into a standalone executable at build time. This means: The executable contains the exact dependency versions specified when the build was created. Once built, the app no longer fetches code from NPM at runtime. Therefore, any malicious package versions never entered our binaries. What you should do? Beyond the packaged Neptune DXP |
| url | - |
| publishedAt | 2025-09-09 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_99292c293f6cfe99",
"name": "Neptune Software",
"domains": [
"trust.neptune-software.com",
"neptune-software.com"
]
} |
| trust_center | {
"id": "tc_8c9d6d7febfec010",
"name": "Neptune Software",
"url": "https://trust.neptune-software.com",
"host": "trust.neptune-software.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_a0a58f43e8ce2ccb",
"company": "/v1/companies/org_99292c293f6cfe99",
"trust_center": "/v1/trust-centers/tc_8c9d6d7febfec010",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_a0a58f43e8ce2ccbJSON