🚨 CRITICAL alert

PhantomRaven Exploits NPM's Unchecked HTTP URL Dependency Feature

Koi researchers detail the PhantomRaven campaign, which exploits npm's Remote Dynamic Dependencies (RDD) feature that allows HTTP URLs as package dependencies. What's wild: this feature lets packages download code from HTTP endpoints during installation, bypassing security scanners since the malicious URL isn't in the code itself and isn't cached. The fake dependency runs automatically via preinstall hooks without user interaction. What's nasty: it scans for credentials and exfiltrates filesystem contents, and the fake packages use 'slopsquatting': names matching incomplete package names that LLMs spit out (unused-import instead of eslint-plugin-unused-imports). Researchers discovered it by accident when they noticed traffic to the same HTTP domain across multiple packages. The campaign started in August 2025; npm removed some packages, but 80 subsequent packages evaded detection. The attack gives attackers significantly more control since the download isn't cached and can serve different payloads per victim.

🎯CORTEX Protocol Intelligence Assessment

This exploits a fundamental design flaw in npm—allowing runtime code fetching from untrusted HTTP sources. The RDD feature prioritizes developer convenience over security, assuming packages will only reference trusted dependencies. The slopsquatting twist weaponizes AI coding assistants, turning productivity tools into attack vectors. The 4-month persistence shows ecosystem-wide detection failures.

⚡Strategic Intelligence Guidance

  • Strict dependency validation: scan package.json for HTTP URLs, block installations that attempt external code fetch during npm install.
  • Implement allowlist-based egress: CI/CD and developer environments should only connect to approved npm registries—block arbitrary HTTP requests.
  • AI assistant guardrails: validate suggested package names against npm registry before installation, maintain curated lists of known-good packages.
  • Consider npm alternatives: investigate Yarn or pnpm with stricter dependency resolution, or private registries with manual package approval.
  • Incident response: if PhantomRaven packages were installed, assume credential compromise—rotate all secrets, audit for lateral movement.
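One way to implement the first check in the list above, as an added example that is not code from Koi or npm: it flags URL-valued dependency specs and install-time hooks in a parsed package.json, and lockfile entries whose `resolved` URL is not HTTPS on an approved registry host. The function names, the sample manifest and lockfile, and the `example.test` host are constructed for illustration.

```javascript
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Audit one parsed package.json (the project's, or any package under node_modules).
function auditManifest(manifest) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      // A dependency "version" that is really an http(s) URL is fetched at install time.
      if (typeof spec === "string" && /^https?:\/\//i.test(spec.trim())) {
        findings.push({ kind: "url-dependency", field, name, spec });
      }
    }
  }
  for (const hook of INSTALL_HOOKS) {
    const cmd = (manifest.scripts || {})[hook];
    if (cmd) findings.push({ kind: "install-hook", hook, cmd }); // review cue, not a verdict
  }
  return findings;
}

// Audit a parsed package-lock.json (lockfileVersion 2 or 3): every "resolved"
// URL, transitive ones included, must be https on an approved registry host.
function auditLockfile(lock, allowedHosts) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!entry.resolved) continue; // the root project entry has no "resolved"
    let url = null;
    try { url = new URL(entry.resolved); } catch (_) { /* unparseable: flagged below */ }
    if (!url || url.protocol !== "https:" || !allowedHosts.includes(url.host)) {
      findings.push({ kind: "untrusted-resolved", path, resolved: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample data (not taken from the campaign).
const SAMPLE_MANIFEST = {
  name: "constructed-demo", version: "1.0.0",
  scripts: { preinstall: "node setup.js", test: "node test.js" },
  dependencies: { "left-pad": "^1.3.0", "ui-helper": "http://packages.example.test/npm/ui-helper" },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-demo", version: "1.0.0" },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
    "node_modules/ui-helper": { version: "1.0.0", resolved: "http://packages.example.test/npm/ui-helper" },
  },
};
console.log(auditManifest(SAMPLE_MANIFEST), auditLockfile(SAMPLE_LOCK, ["registry.npmjs.org"]));
```

In CI, pass the output of `JSON.parse` on package.json and package-lock.json to these functions and fail the job on any `url-dependency` or `untrusted-resolved` finding; install hooks also appear in legitimate packages, so treat those findings as a prompt for review.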

Vendors

npm

Threats

PhantomRaven

Targets

Developers, CI/CD