bluedoor data·Trust Centers API·bluedoor.sh

Home / Security updates / Neptune Software not affected by the NPM supply chain attack

Neptune Software not affected by the NPM supply chain attack

Security updates detail rendered from /security-updates/upd_a0a58f43e8ce2ccb.

Overview

IDupd_a0a58f43e8ce2ccb
CollectionSecurity Updates
ProviderSafeBase
CompanyNeptune Software
URL-
Counts-
Updated-

Raw record

FieldValue
idupd_a0a58f43e8ce2ccb
providerIdsafebase
organizationIdorg_99292c293f6cfe99
trustCenterIdtc_8c9d6d7febfec010
titleNeptune Software not affected by the NPM supply chain attack
messageNeptune Software not affected by the NPM supply chain attack What happened? On September 8, 2025, attackers compromised the NPM account of a well-known developer through a phishing campaign. They published malicious versions of 18 popular Node.js packages (including chalk, debug, ansi-styles and others) with a hidden crypto-clipper payload. The malware silently replaced cryptocurrency wallet addresses in web3/browser contexts, redirecting funds to attacker-controlled wallets. Why Neptune DXP Open Edition is safe? While Neptune DXP Open Edition is based on Node.js, the corresponding Node.js project—including its dependencies—and bundles everything into a standalone executable at build time. This means: The executable contains the exact dependency versions specified when the build was created. Once built, the app no longer fetches code from NPM at runtime. Therefore, any malicious package versions never entered our binaries. What you should do? Beyond the packaged Neptune DXP
url-
publishedAt2025-09-09
source
{
  "field": "statuspage/public/compliance-update",
  "category": "vulnerabilities"
}
company
{
  "id": "org_99292c293f6cfe99",
  "name": "Neptune Software",
  "domains": [
    "trust.neptune-software.com",
    "neptune-software.com"
  ]
}
trust_center
{
  "id": "tc_8c9d6d7febfec010",
  "name": "Neptune Software",
  "url": "https://trust.neptune-software.com",
  "host": "trust.neptune-software.com"
}
provider
{
  "id": "safebase",
  "name": "SafeBase"
}
links
{
  "self": "/v1/security-updates/upd_a0a58f43e8ce2ccb",
  "company": "/v1/companies/org_99292c293f6cfe99",
  "trust_center": "/v1/trust-centers/tc_8c9d6d7febfec010",
  "provider": "/v1/providers/safebase"
}
Get this page with API

Rendered from the bluedoor Trust Centers API. Reproduce it:

GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_a0a58f43e8ce2ccbJSON