{
  "title": "Node-IPC Expired Domain & Maintainer Account Hijacking",
  "summary": "On May 14, 2026, the highly popular Node.js library node-ipc was compromised in a major supply chain attack. Attackers re-registered the expired email domain of a dormant lead maintainer to reset their npm account password and publish credential-stealing updates.",
  "date": "2026-05-14",
  "severity": "critical",
  "tags": [
    "package-compromise",
    "maintainer-hijacking",
    "supply-chain",
    "domain-takeover",
    "dns-exfiltration",
    "credential-theft"
  ],
  "sources_count": 5,
  "indicators": {
    "slug": "node-ipc-expired-domain-takeover",
    "since": "2025-01-15T00:00:00Z",
    "until": "2026-05-14T23:59:59Z",
    "ecosystem": "npm, javascript, node.js npm registry",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [
      "node-ipc"
    ],
    "versions": [
      "9.1.6",
      "9.2.3",
      "12.0.1"
    ],
    "affectedVersions": [],
    "fixedVersions": [
      "9.1.7",
      "9.2.4",
      "12.0.2"
    ],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [
      "https://snyk.io`"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}