What are the malicious npm Strapi packages?

36 packages mimicking Strapi CMS plugins, uploaded to steal Guardarian wallet credentials via env sniffing and exfil.

How to check if I'm hit by npm supply chain attack?

Audit node_modules for `@strapi/*` unknowns, grep for Guardarian refs, scan traffic for odd outbound.

Does this affect all Strapi users?

Only if you installed these fakes—stick to official registry, verify hashes.

36 Fake Strapi Plugins Poison npm, Steal Guardarian Wallets

Npm's supply chain just took another hit—36 malicious packages posing as Strapi plugins, laser-focused on draining Guardarian wallets. Developers, wake up: this isn't random.

theAIcatchup Apr 07, 2026 4 min read

Cybersecurity threats in code supply chain with threat modeling visualization

⚡ Key Takeaways

36 malicious packages disguised as Strapi plugins target Guardarian crypto wallets via npm supply chain attack. 𝕏
Attack relies on trusted plugin facade, env probing, and silent exfil—npm's detection lags. 𝕏
Defend with lockfiles, sigs, and behavioral monitoring; predict mandatory SBOMs incoming. 𝕏

Published by

theAIcatchup

Community-driven. Code-first.

#Guardarian #Guardarian malware #Guardarian wallet #Strapi CMS #Strapi CMS attack #npm malicious packages

Worth sharing?

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by DevOps.com

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

React Server Components' Perfect-Score RCE Flaw Exposes Millions of Apps

Anthropic's One-Line Fumble Leaks Billions in Code

Blockchain's Quiet Revolution: Why Crypto's Edge Over Banks Is Just Getting Started

Silence on the Network: The Signal That Caught an Intruder Cold

Stay in the loop