← All Tags
# npm ci-cd

1 link tagged with all of: npm + ci-cd

Click any tag below to further narrow down your results

+ github (1) + security (1) + typosquatting (1)

Links

Malicious npm package sneaks into GitHub Actions builds

A typosquatted npm package named “@acitons/artifact” impersonated the legitimate “@actions/artifact” to exploit GitHub's CI/CD workflows. It stole tokens from build environments and published malicious artifacts, highlighting vulnerabilities in supply chain security.
Saved by tldr-importer · Last saved February 14, 2026 · 3 min read
npm ✓ + github + security + typosquatting ci-cd ✓