Slowmist Warns node-ipc Supply-Chain Attack Hit 9.1.6, 9.2.3, 12.0.1 on May 14

On May 14, Slowmist said three compromised node-ipc releases (9.1.6, 9.2.3, and 12.0.1) were found, putting projects across Web3 build pipelines at risk. The affected package averages more than 822,000 weekly npm downloads and includes an obfuscated 80 KB payload that can steal cloud credentials and .env secrets and exfiltrate them via DNS tunneling.