Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker using a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over the course of a month. After investigating, we found instances of the trojanized jQuery on other platforms, such as GitHub, and even as a CDN-hosted resource on j
![Persistent npm Campaign Shipping Trojanized jQuery](https://cdn-ak-scissors.b.st-hatena.com/image/square/25c97cefbe8ca7259777fd7a235afaf045658ce9/height=288;version=1;width=512/https%3A%2F%2Fblog.phylum.io%2Fcontent%2Fimages%2Fsize%2Fw1200%2F2024%2F07%2Ftrojan_horse.webp)