A malicious npm package named forge-jsxy spent nearly a month silently stealing cryptocurrency wallet keys, browser credentials, and sensitive developer data from infected machines across Windows, macOS, and Linux — all while publishing 22 versioned updates in 22 days to evade detection and expand capabilities. The campaign, documented by threat intelligence firm SafeDep, represents one of the most methodically maintained pieces of malware ever observed on the npm registry.
From forge-jsx to forge-jsxy: A Persistent Attacker
The campaign did not begin with forge-jsxy. Its predecessor, forge-jsx, was published to npm on April 7, 2026, and operated undetected for nearly a month before npm’s security team identified it and replaced the package listing with a security placeholder. Within hours of that takedown, the attacker created a fresh npm account under the username jacksonkaandorp2 and published forge-jsxy — picking up exactly where forge-jsx had left off, starting at version 1.0.66 to create the impression of continuity with a mature, established library.
This rapid pivot illustrates a key challenge with npm supply chain security: takedowns are necessary but not sufficient. A determined attacker can re-register and re-publish within hours, resetting the detection clock while retaining all previously developed malicious capabilities.
An Evolving, Multi-Phase Attack
SafeDep analysts documented how forge-jsxy’s capabilities grew substantially over its 22-version lifespan, evolving in distinct phases:
- Versions 1.0.66–1.0.76 (Phase 1): The initial versions carried the full forge-jsx feature set — credential harvesting and data exfiltration — plus a new addition: periodic desktop screenshots sent to attacker-controlled Discord channels via rotating bot webhooks. The use of Discord as exfiltration infrastructure is a growing trend in malware campaigns, since Discord traffic is rarely blocked and blends into normal developer activity.
- Version 1.0.77+ (Phase 2 — May 18, rapid deployment): Six versions dropped in a single ten-hour window, introducing a cryptocurrency scanning framework that walked the entire file system looking for wallet files, seed phrases, browser extension wallet data, and private key files. The same update introduced an auto-upgrade mechanism — allowing the attacker’s relay server to silently push new agent versions to all infected machines on a staggered schedule, meaning compromised developers could receive new malicious payloads long after the original installation.
- Version 1.0.81+ (Phase 3 — persistent backdoor): The most alarming development: starting with version 1.0.81, the malware began copying its agent files into a hidden directory outside node_modules. The practical consequence is severe — running npm uninstall forge-jsxy removes the package listing from node_modules but leaves the malicious agent fully running in the background. The backdoor survives the remediation step most developers would take.
Scope of Data Theft
The full range of data targeted by forge-jsxy spans everything a developer or crypto-active user might have on their machine:
- Cryptocurrency wallets: The framework targeted wallet files, seed phrase storage, and private keys for a broad array of cryptocurrencies and wallet applications, covering both desktop wallets and browser extension wallets (MetaMask, Phantom, etc.)
- Browser credentials: Saved passwords, cookies, and session tokens from Chromium-based browsers and Firefox
- Developer secrets: Environment files (.env), SSH keys, cloud provider credentials (AWS, GCP, Azure), and CI/CD tokens commonly stored in developer home directories
- Desktop screenshots: Periodic visual captures of the victim’s screen, sent to attacker-controlled Discord webhook endpoints
Cross-Platform Targeting
Unlike malware that targets only Windows users, forge-jsxy was written to execute correctly on Windows, macOS, and Linux. This cross-platform approach is particularly damaging in the developer ecosystem, where macOS and Linux machines are common and often perceived as less at risk from malware than Windows systems. The malware adjusts its file system traversal paths and credential store locations based on the detected operating system.
Protective Measures for Developers and Organizations
The forge-jsxy campaign exposes critical weaknesses in how the developer community evaluates npm package trust. Key defensive steps include:
- Audit npm dependencies for recently published packages: Packages with very short publication histories (days to weeks) and high version numbers should be treated with suspicion. Use npm audit and supply chain security tools like Socket.dev or SafeDep’s own tooling to monitor for known malicious packages.
- Never store plaintext secrets in developer environments: Use dedicated secrets managers (HashiCorp Vault, AWS Secrets Manager, 1Password Secrets Automation) rather than .env files or plaintext SSH key storage.
- Treat npm uninstall as insufficient for suspected malware: If a malicious package is identified on a developer machine, assume the backdoor component has been deployed. Full remediation requires scanning for hidden agent directories, auditing startup processes, and rotating all credentials and keys that may have been stored on the machine.
- Harden cryptocurrency key storage: Hardware wallets remain the only reliable protection against software-based wallet theft. Seed phrases should never exist in plaintext on internet-connected machines.
- Monitor for unusual Discord outbound traffic: Unexpected webhook traffic to Discord from development environments should trigger investigation.
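The first defensive step above, auditing for young packages with mature-looking version histories, can be turned into a concrete check. The script below is an added example, not code from SafeDep, npm, or the article: it scores a package's registry metadata document for the pattern the article describes (a package only days old, an earliest version far above 1.0.0, and a release cadence of roughly one version per day with bursts of several releases within hours). It assumes the document shape the npm registry returns for a package, where the time map holds an ISO timestamp per version plus created and modified. The two sample documents and every threshold are constructed for this demonstration and are not data about forge-jsxy. Such a heuristic complements npm audit, which only reports packages already covered by a published advisory.

```javascript
// Added example: heuristic triage of an npm registry metadata document.
// Assumption: `doc.time` has the shape returned by the registry for a package
// (ISO timestamps keyed by version, plus `created` and `modified`).
// All thresholds are chosen for this example, not taken from any tool.

const DAY_MS = 24 * 60 * 60 * 1000;

function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? { major: +m[1], minor: +m[2], patch: +m[3] } : null;
}

// Largest number of releases that fall inside any rolling 24-hour window.
function maxReleasesIn24h(timesMs) {
  const sorted = [...timesMs].sort((a, b) => a - b);
  let best = 0;
  for (let i = 0, j = 0; i < sorted.length; i++) {
    while (j < sorted.length && sorted[j] - sorted[i] < DAY_MS) j++;
    best = Math.max(best, j - i);
  }
  return best;
}

function assessPackage(doc, nowMs = Date.now()) {
  const time = doc.time || {};
  // Keep only real version keys, ordered by publication time.
  const versions = Object.keys(time)
    .filter((k) => parseSemver(k) !== null)
    .sort((a, b) => Date.parse(time[a]) - Date.parse(time[b]));
  if (versions.length === 0) {
    return { name: doc.name, reasons: ['no published versions'], suspicious: false };
  }
  const createdMs = Date.parse(time.created || time[versions[0]]);
  const ageDays = (nowMs - createdMs) / DAY_MS;
  const first = parseSemver(versions[0]);
  const burst = maxReleasesIn24h(versions.map((v) => Date.parse(time[v])));
  const perDay = versions.length / Math.max(ageDays, 1);
  const reasons = [];
  if (ageDays < 30) reasons.push(`first published only ${ageDays.toFixed(1)} days ago`);
  // A weak signal on its own: the earliest version is neither 0.x nor 1.0.0,
  // which can mean the history was started mid-stream to look established.
  const freshStart = first.major === 0 || (first.major === 1 && first.minor === 0 && first.patch === 0);
  if (!freshStart) reasons.push(`earliest version is ${versions[0]}, not a fresh 0.x or 1.0.0 start`);
  if (versions.length >= 10 && perDay >= 0.5) {
    reasons.push(`${versions.length} releases at ${perDay.toFixed(2)} per day`);
  }
  if (burst >= 4) reasons.push(`${burst} releases inside one 24-hour window`);
  return {
    name: doc.name, ageDays, versionCount: versions.length, firstVersion: versions[0],
    maxReleasesIn24h: burst, reasons, suspicious: reasons.length >= 2,
  };
}

// Constructed sample: 22 versions in 22 days starting at 1.0.66, with the last
// six published two hours apart. Not real registry data.
function constructedYoungDoc() {
  const time = { created: '2026-05-05T00:00:00.000Z' };
  const start = Date.parse(time.created);
  for (let i = 0; i < 22; i++) {
    const at = i < 16
      ? start + i * DAY_MS + 6 * 3600 * 1000
      : start + 16 * DAY_MS + 6 * 3600 * 1000 + (i - 16) * 2 * 3600 * 1000;
    time[`1.0.${66 + i}`] = new Date(at).toISOString();
  }
  time.modified = time['1.0.87'];
  return { name: 'demo-young-pkg', time };
}

// Constructed sample of a long-lived library with a sparse release history.
function constructedMatureDoc() {
  return {
    name: 'demo-mature-pkg',
    time: {
      created: '2019-01-15T00:00:00.000Z', modified: '2024-02-20T00:00:00.000Z',
      '1.0.0': '2019-01-15T00:00:00.000Z', '1.1.0': '2019-07-02T00:00:00.000Z',
      '2.0.0': '2020-03-10T00:00:00.000Z', '2.1.3': '2021-11-05T00:00:00.000Z',
      '3.0.0': '2024-02-20T00:00:00.000Z',
    },
  };
}

for (const doc of [constructedYoungDoc(), constructedMatureDoc()]) {
  const r = assessPackage(doc, Date.parse('2026-05-27T00:00:00Z'));
  console.log(`${r.name}: ${r.suspicious ? 'REVIEW' : 'ok'} ${r.reasons.join('; ')}`);
}
```

In practice the document would be fetched from the registry for each entry in a lockfile, and the flags fed into review rather than treated as a verdict: plenty of legitimate packages are new or release often, so the value is in surfacing combinations of signals that merit a closer look before installation.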
The forge-jsxy campaign is a sobering demonstration that software supply chain attacks against the developer ecosystem are not theoretical. An attacker willing to maintain a malicious package through 22 versions, rapidly pivot after a takedown, and build in backdoor persistence that survives standard remediation represents a genuine, sophisticated threat to anyone who installs npm packages without rigorous vetting.