Attackers are hiding malicious JavaScript payloads in Unicode Private Use Area code points, which appear as whitespace in editors and static analysis tools but are decoded and executed at runtime via `eval()`. The technique, originally developed for AI prompt injection, has now spread to 151+ packages across GitHub, npm, and the VS Code marketplace, with payloads capable of stealing tokens, credentials, and secrets. Directly relevant to any developer consuming npm packages or installing VS Code extensions: the hidden characters are invisible to a human reviewer but not to a scanner that flags Private Use Area code points in source files.
Infrastructure
Supply-chain attack using invisible code hits GitHub and other repositories
Attackers exploit invisible Unicode characters to hide malicious JavaScript payloads in 151+ open-source packages across GitHub and npm, evading detection while stealing credentials at runtime.
Friday, March 20, 2026, 12:00 PM UTC | 2 min read | Source: Lobsters | By sys://pipeline
Tags
infrastructure