24 Hours of Chaos: Saving My Open Source Project from a Supply Chain Attack

via Dev.to Webdev, by Pau Dang

Hello world, I'm a Senior Architect. Today, I want to share a "battle-tested" experience that just happened to my open-source project: nodejs-quickstart-structure. This isn't just about code; it's a lesson in Incident Response when facing professional malware designed to hijack npm, GitHub, and sensitive developer credentials.

1. The Threat: Axios & plain-crypto-js

While developing version v2.0.0, I fell victim to a Typosquatting attack. A malicious package or a "shell" dependency injected malware into my local environment.

The Suspect: Linked to the plain-crypto-js incident (a malware variant targeting devs using Axios).

The Behavior: It didn't just break my system; it silently exfiltrated:
- Browser Cookies: Hijacking active sessions for Gmail, GitHub, and LinkedIn.
- SSH Keys: Gaining unauthorized access to push code to repositories.
- npm Tokens: Attempting to publish malicious releases under my name.

2. 0h00: Detection & Containment

Immediately after noticing suspicious logs and file
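The typosquatting path described in section 1 (a look-alike dependency that runs code on the developer's machine at install time) is something you can screen for before `npm install` runs anything. The script below is an added example, not code from the original post or from nodejs-quickstart-structure. It checks a project manifest for two signals: dependency names that are a small edit distance from, or built around, a well-known package name, and install-time lifecycle hooks in the installed packages' own package.json files. The allowlist KNOWN_PACKAGES, the sample project, and the sample installed manifests (including the hypothetical package "axois" with a postinstall hook) are all constructed for illustration.

```javascript
// Added example (not from the original post or project): a pre-install audit
// for two typosquatting signals in a Node project.
//  1. dependency names within a small edit distance of, or affixed around, a
//     well-known package name (e.g. "axois", or "<prefix>-crypto-js");
//  2. install-time lifecycle hooks (preinstall/install/postinstall), the usual
//     way a squatted package executes on the developer's machine.
// KNOWN_PACKAGES and every manifest below are constructed for illustration; in
// practice the allowlist would be the audited baseline from your lockfile.

const KNOWN_PACKAGES = ['axios', 'crypto-js', 'express', 'lodash', 'dotenv'];
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Standard Levenshtein edit distance (insert, delete, substitute each cost 1).
function levenshtein(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}

// True when `name` is `known` with an extra hyphenated prefix, suffix or infix
// (e.g. "plain-crypto-js" wrapped around "crypto-js").
function isAffixed(name, known) {
  return name.startsWith(known + '-') || name.endsWith('-' + known) || name.includes('-' + known + '-');
}

// Flag dependency names that are near-misses or affixed forms of known names.
// Exact matches with the allowlist are trusted and skipped.
function findLookalikes(depNames, known = KNOWN_PACKAGES, maxDistance = 2) {
  const trusted = new Set(known);
  const hits = [];
  for (const name of depNames) {
    if (trusted.has(name)) continue;
    for (const k of known) {
      const distance = levenshtein(name, k);
      if (distance <= maxDistance) {
        hits.push({ name, lookalike: k, signal: 'edit-distance', distance });
      } else if (isAffixed(name, k)) {
        hits.push({ name, lookalike: k, signal: 'affix', distance });
      }
    }
  }
  return hits;
}

// Report install-time hooks declared in one package manifest (package.json).
function findInstallHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === 'string')
    .map((h) => ({ package: manifest.name, hook: h, command: scripts[h] }));
}

// Run both checks over the project manifest plus the manifests of its installed
// dependencies (what you would read from node_modules/<dep>/package.json).
function auditDependencies(projectManifest, installedManifests, known = KNOWN_PACKAGES) {
  const depNames = Object.keys({ ...projectManifest.dependencies, ...projectManifest.devDependencies });
  return {
    lookalikes: findLookalikes(depNames, known),
    hooks: installedManifests.flatMap((m) => findInstallHooks(m)),
  };
}

// Constructed sample input: a project that pulled in a near-miss of axios and
// an affixed lodash name; the near-miss declares a postinstall hook.
const SAMPLE_PROJECT = {
  name: 'demo-app',
  version: '2.0.0',
  dependencies: { axois: '^1.6.0', express: '^4.19.0', 'lodash-secure-utils': '^1.0.0' },
};
const SAMPLE_INSTALLED = [
  { name: 'axois', version: '1.6.0', scripts: { postinstall: 'node ./setup.js' } },
  { name: 'express', version: '4.19.0', scripts: { test: 'mocha' } },
  { name: 'lodash-secure-utils', version: '1.0.0' },
];

const AUDIT_REPORT = auditDependencies(SAMPLE_PROJECT, SAMPLE_INSTALLED);
console.log(JSON.stringify(AUDIT_REPORT, null, 2));
```

Both signals are heuristics and produce review items, not verdicts: legitimate plugin ecosystems ("express-session", "lodash-es") will trip the affix check, and short package names make the edit-distance check noisy, so tune the allowlist and `maxDistance` to your own dependency set. The hook check is the one worth acting on first, since a hook is what turns a wrongly typed package name into code execution; running installs with npm's `ignore-scripts` config enabled and reviewing any flagged hook before re-enabling it removes that step from the attack.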

Continue reading on Dev.to Webdev
