Archer Special Advisory: NPM Supply Chain Attack
Special advisories relate to CVEs and security events with broad industry interest even when we know our products and platforms are not affected.
Applies To
NPM Supply Chain Attack info published by aikido: npm debug and chalk packages compromised.
Details
Archer is aware of the NPM Supply Chain Attack that impacts 18 popular packages. The attack was announced on September 8, 2025.
Archer does leverage some of the libraries in question within various products, but not the affected versions.
Archer continues to monitor the situation.
Legal Information
Read and use the information in this Archer Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Archer Technical Support. Archer distributes Archer Security Advisories in order to bring to the attention of users of the affected Archer products important security information.
Originally posted on September 9, 2025 in the Archer Community.
Comments
0 comments
Please sign in to leave a comment.