🚨 Security Alert: Phishing Domain Warning – npmjs[dot]pro

[leobalter]

We’ve received reports of a phishing campaign targeting npm users through a malicious domain: npmjs[dot]pro. This domain is not affiliated with npm and is being used to impersonate official npm communication. Do not visit or interact with this domain. Doing so may expose your credentials and compromise your npm account.

‼️Important: Official npm communications will originate from npmjs.com.

🕵️ What’s Happening?

Attackers are sending deceptive messages that appear to come from npm, urging users to click links, verify 2FA, or log in via npmjs[dot]pro. These links lead to fraudulent login pages designed to steal credentials and compromise npm accounts.

⚠️ What to Watch For

• Emails or messages referencing npmjs[dot]pro or other non-official npm domains
  • Official npm communications will always originate from npmjs.com.
• Requests to verify credentials or update security settings

🛡️ What You Should Do

• Do not click on any links from suspicious sources claiming to be npm.
• Always verify the domain in your browser before entering credentials.
• Report phishing attempts to npm support.
• If you suspect a compromise, reset your npm credentials immediately and review account activity
• Stay informed: GitHub has announced important changes to npm authentication and token management to strengthen security. Read the full update here.

[cquanu]

Please verify your domain/email