Viewing enriched Twitter post
🚨 New Investigation: Attackers are hunting the maintainers behind Lodash, Fastify, buffer, Pino, mocha, Express, and #Nodejs core, because compromising one of them means write access to packages downloaded billions of times a week. https://t.co/Z91wLu7GRC
{
"media": [
{
"url": "https://crmoxkoizveukayfjuyo.supabase.co/storage/v1/object/public/media/posts/2040156769532436608/media_0.jpg",
"media_url": "https://crmoxkoizveukayfjuyo.supabase.co/storage/v1/object/public/media/posts/2040156769532436608/media_0.jpg",
"type": "photo",
"filename": "media_0.jpg"
}
],
"processed_at": "2026-04-03T23:21:10.075082",
"pipeline_version": "2.0"
}{
"type": "tweet",
"id": "2040156769532436608",
"url": "https://x.com/SocketSecurity/status/2040156769532436608",
"twitterUrl": "https://twitter.com/SocketSecurity/status/2040156769532436608",
"text": "🚨 New Investigation: Attackers are hunting the maintainers behind Lodash, Fastify, buffer, Pino, mocha, Express, and #Nodejs core, because compromising one of them means write access to packages downloaded billions of times a week. \nhttps://t.co/Z91wLu7GRC",
"source": "Twitter for iPhone",
"retweetCount": 25,
"replyCount": 3,
"likeCount": 76,
"quoteCount": 9,
"viewCount": 11625,
"createdAt": "Fri Apr 03 19:57:32 +0000 2026",
"lang": "en",
"bookmarkCount": 26,
"isReply": false,
"inReplyToId": null,
"conversationId": "2040156769532436608",
"displayTextRange": [
0,
256
],
"inReplyToUserId": null,
"inReplyToUsername": null,
"author": {
"type": "user",
"userName": "SocketSecurity",
"url": "https://x.com/SocketSecurity",
"twitterUrl": "https://twitter.com/SocketSecurity",
"id": "1458247940640690176",
"name": "Socket",
"isVerified": false,
"isBlueVerified": false,
"verifiedType": "Business",
"profilePicture": "https://pbs.twimg.com/profile_images/1510053189122342914/OlP9Sx-9_normal.jpg",
"coverPicture": "https://pbs.twimg.com/profile_banners/1458247940640690176/1645985662",
"description": "",
"location": "https://socket.dev/careers",
"followers": 8527,
"following": 4591,
"status": "",
"canDm": true,
"canMediaTag": true,
"createdAt": "Wed Nov 10 01:42:48 +0000 2021",
"entities": {
"description": {
"urls": []
},
"url": {}
},
"fastFollowersCount": 0,
"favouritesCount": 1744,
"hasCustomTimelines": true,
"isTranslator": false,
"mediaCount": 192,
"statusesCount": 2769,
"withheldInCountries": [],
"affiliatesHighlightedLabel": {},
"possiblySensitive": false,
"pinnedTweetIds": [
"1848701099475407303"
],
"profile_bio": {
"description": "Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware",
"entities": {
"description": {
"hashtags": [],
"symbols": [],
"urls": [],
"user_mentions": [
{
"id_str": "0",
"indices": [
121,
133
],
"name": "",
"screen_name": "npm_malware"
}
]
},
"url": {
"urls": [
{
"display_url": "socket.dev",
"expanded_url": "https://socket.dev",
"indices": [
0,
23
],
"url": "https://t.co/nsXevBVJot"
}
]
}
}
},
"isAutomated": false,
"automatedBy": null
},
"extendedEntities": {},
"card": {
"binding_values": [
{
"key": "photo_image_full_size_large",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 419,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=800x419",
"width": 800
}
}
},
{
"key": "thumbnail_image",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 144,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=144x144",
"width": 144
}
}
},
{
"key": "description",
"value": {
"string_value": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios."
}
},
{
"key": "domain",
"value": {
"string_value": "socket.dev"
}
},
{
"key": "thumbnail_image_large",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 320,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=800x320_1",
"width": 320
}
}
},
{
"key": "summary_photo_image_small",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 202,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=386x202",
"width": 386
}
}
},
{
"key": "thumbnail_image_original",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 1000,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=orig",
"width": 1000
}
}
},
{
"key": "site",
"value": {
"scribe_key": "publisher_id",
"user_value": {
"id_str": "1458247940640690176",
"path": []
}
}
},
{
"key": "photo_image_full_size_small",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 202,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=386x202",
"width": 386
}
}
},
{
"key": "summary_photo_image_large",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 419,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=800x419",
"width": 800
}
}
},
{
"key": "thumbnail_image_small",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 100,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=100x100",
"width": 100
}
}
},
{
"key": "thumbnail_image_x_large",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 1000,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=png&name=2048x2048_2_exp",
"width": 1000
}
}
},
{
"key": "photo_image_full_size_original",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 1000,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=orig",
"width": 1000
}
}
},
{
"key": "photo_image_full_size_alt_text",
"value": {
"string_value": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios."
}
},
{
"key": "vanity_url",
"value": {
"scribe_key": "vanity_url",
"string_value": "socket.dev"
}
},
{
"key": "photo_image_full_size",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 314,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=600x314",
"width": 600
}
}
},
{
"key": "summary_photo_image_alt_text",
"value": {
"string_value": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios."
}
},
{
"key": "thumbnail_image_color",
"value": {
"image_color_value": {
"palette": [
{
"percentage": 66.47,
"rgb": {
"blue": 25,
"green": 1,
"red": 17
}
},
{
"percentage": 11.59,
"rgb": {
"blue": 34,
"green": 2,
"red": 54
}
},
{
"percentage": 5.08,
"rgb": {
"blue": 20,
"green": 6,
"red": 87
}
},
{
"percentage": 5.07,
"rgb": {
"blue": 2,
"green": 1,
"red": 209
}
},
{
"percentage": 3.63,
"rgb": {
"blue": 14,
"green": 113,
"red": 229
}
}
]
}
}
},
{
"key": "title",
"value": {
"string_value": "Attackers Are Hunting High-Impact Node.js Maintainers in a C..."
}
},
{
"key": "summary_photo_image_color",
"value": {
"image_color_value": {
"palette": [
{
"percentage": 66.47,
"rgb": {
"blue": 25,
"green": 1,
"red": 17
}
},
{
"percentage": 11.59,
"rgb": {
"blue": 34,
"green": 2,
"red": 54
}
},
{
"percentage": 5.08,
"rgb": {
"blue": 20,
"green": 6,
"red": 87
}
},
{
"percentage": 5.07,
"rgb": {
"blue": 2,
"green": 1,
"red": 209
}
},
{
"percentage": 3.63,
"rgb": {
"blue": 14,
"green": 113,
"red": 229
}
}
]
}
}
},
{
"key": "summary_photo_image_x_large",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 1000,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=png&name=2048x2048_2_exp",
"width": 1000
}
}
},
{
"key": "summary_photo_image",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 314,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=600x314",
"width": 600
}
}
},
{
"key": "photo_image_full_size_color",
"value": {
"image_color_value": {
"palette": [
{
"percentage": 66.47,
"rgb": {
"blue": 25,
"green": 1,
"red": 17
}
},
{
"percentage": 11.59,
"rgb": {
"blue": 34,
"green": 2,
"red": 54
}
},
{
"percentage": 5.08,
"rgb": {
"blue": 20,
"green": 6,
"red": 87
}
},
{
"percentage": 5.07,
"rgb": {
"blue": 2,
"green": 1,
"red": 209
}
},
{
"percentage": 3.63,
"rgb": {
"blue": 14,
"green": 113,
"red": 229
}
}
]
}
}
},
{
"key": "photo_image_full_size_x_large",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 1000,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=png&name=2048x2048_2_exp",
"width": 1000
}
}
},
{
"key": "card_url",
"value": {
"scribe_key": "card_url",
"string_value": "https://t.co/Z91wLu7GRC"
}
},
{
"key": "summary_photo_image_original",
"value": {
"image_value": {
"alt": "Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.",
"height": 1000,
"url": "https://pbs.twimg.com/card_img/2040156771566653440/YMlSM-9a?format=jpg&name=orig",
"width": 1000
}
}
}
],
"card_platform": {
"platform": {
"audience": {
"name": "production"
},
"device": {
"name": "iPhone",
"version": "13"
}
}
},
"name": "summary_large_image",
"url": "https://t.co/Z91wLu7GRC",
"user_refs_results": [
{
"rest_id": "1458247940640690176",
"result": {
"__typename": "User",
"action_counts": {
"favorites_count": 1744
},
"avatar": {
"image_url": "https://pbs.twimg.com/profile_images/1510053189122342914/OlP9Sx-9_normal.jpg"
},
"banner": {
"image_url": "https://pbs.twimg.com/profile_banners/1458247940640690176/1645985662"
},
"core": {
"created_at": "Wed Nov 10 01:42:48 +0000 2021",
"name": "Socket",
"screen_name": "SocketSecurity"
},
"dm_permissions": {
"can_dm": true
},
"exclusive_tweet_following": false,
"follow_request_sent": false,
"identity_profile_labels_highlighted_label": {},
"location": {
"location": "https://socket.dev/careers"
},
"media_permissions": {
"can_media_tag": true
},
"notifications_settings": {
"notifications_enabled": false
},
"pinned_items": {
"tweet_ids_str": [
"1848701099475407303"
]
},
"privacy": {
"protected": false,
"suspended": false
},
"private_super_following": false,
"profile_bio": {
"description": "Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware",
"entities": {
"description": {
"hashtags": [],
"symbols": [],
"urls": [],
"user_mentions": [
{
"id_str": "0",
"indices": [
121,
133
],
"name": "",
"screen_name": "npm_malware"
}
]
},
"url": {
"urls": [
{
"display_url": "socket.dev",
"expanded_url": "https://socket.dev",
"indices": [
0,
23
],
"url": "https://t.co/nsXevBVJot"
}
]
}
}
},
"profile_image_shape": "Square",
"profile_metadata": {
"profile_interstitial_type": "",
"profile_link_color": "1DA1F2"
},
"profile_translation": {
"translator_type_enum": "None"
},
"properties": {
"has_extended_profile": true
},
"relationship_counts": {
"followers": 8527,
"following": 4591
},
"relationship_perspectives": {
"blocked_by": false,
"blocking": false,
"followed_by": false,
"following": false,
"live_following": false,
"muting": false
},
"rest_id": "1458247940640690176",
"smart_blocked_by": false,
"smart_blocking": false,
"super_follow_eligible": false,
"super_followed_by": false,
"super_following": false,
"tweet_counts": {
"media_tweets": 192,
"tweets": 2769
},
"verification": {
"is_blue_verified": false,
"verified": false,
"verified_type": "Business"
},
"website": {
"url": "https://t.co/nsXevBVJot"
}
}
}
]
},
"place": {},
"entities": {
"hashtags": [
{
"indices": [
117,
124
],
"text": "Nodejs"
}
],
"symbols": [],
"timestamps": [],
"urls": [
{
"display_url": "socket.dev/blog/attackers…",
"expanded_url": "https://socket.dev/blog/attackers-hunting-high-impact-nodejs-maintainers",
"indices": [
233,
256
],
"url": "https://t.co/Z91wLu7GRC"
}
],
"user_mentions": []
},
"quoted_tweet": null,
"retweeted_tweet": null,
"isLimitedReply": false,
"communityInfo": null,
"article": null
}