Malware in PostHog NPM packages
I know many of us use a really excellent PostHog service, but it seems their latest version of `posthog-js` NPM package contains malware. Reported to their security channel, also reported to NPM, but also wanted to raise awareness here. Update: It seems all their NPM packages have the same problem Update 2: https://ift.tt/cGdH2tA 6 comments on Hacker News.
I know many of us use a really excellent PostHog service, but it seems their latest version of `posthog-js` NPM package contains malware. Reported to their security channel, also reported to NPM, but also wanted to raise awareness here. Update: It seems all their NPM packages have the same problem Update 2: https://ift.tt/cGdH2tA
I know many of us use a really excellent PostHog service, but it seems their latest version of `posthog-js` NPM package contains malware. Reported to their security channel, also reported to NPM, but also wanted to raise awareness here. Update: It seems all their NPM packages have the same problem Update 2: https://ift.tt/cGdH2tA 6 comments on Hacker News.
I know many of us use a really excellent PostHog service, but it seems their latest version of `posthog-js` NPM package contains malware. Reported to their security channel, also reported to NPM, but also wanted to raise awareness here. Update: It seems all their NPM packages have the same problem Update 2: https://ift.tt/cGdH2tA
Hacker News story: Malware in PostHog NPM packages
![Hacker News story: Malware in PostHog NPM packages]()
Reviewed by Tha Kur
on
November 24, 2025
Rating:
No comments: