
Beware for Developers: 16 React Native Packages with Millions of Downloads Compromised Overnight



Cybersecurity researchers have uncovered a large-scale attack targeting the npm ecosystem, compromising 16 popular React Native packages with a combined download count exceeding one million per week.

The attack, detected on June 6th, 2025, represents a significant escalation in the ongoing campaign by a sophisticated threat actor, previously linked to the compromise of the rand-user-agent package.

This latest breach, which unfolded over mere hours, has injected malicious payloads into widely used libraries, posing an immediate risk to developers and organizations relying on these dependencies.

A Massive Supply Chain Attack Unfolds

The attack began at 21:33 GMT on June 6th, with the release of version 0.2.10 of @react-native-aria/focus.

Within hours, the attacker systematically updated 15 additional packages, including @react-native-aria/utils, @react-native-aria/interactions, and @gluestack-ui/utils, embedding malicious code in each.
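A lockfile check for the releases named above, as an added example that is not from the article: it flags @react-native-aria/focus 0.2.10 as compromised and marks the other three packages the article names for manual review, since the article gives no versions for them. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example, not from the article. Package names and the one version
// below are only those the article states.
const KNOWN_BAD = new Map([["@react-native-aria/focus", ["0.2.10"]]]);
const NAMED_NO_VERSION = new Set([
  "@react-native-aria/utils", "@react-native-aria/interactions", "@gluestack-ui/utils",
]);

// Collect every installed copy from a parsed package-lock.json, handling the
// flat "packages" map (lockfile v2/v3) and nested "dependencies" (v1).
function installedPackages(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    if (i === -1) continue; // root project or workspace entry
    found.push({ name: meta.name || path.slice(i + 13), version: meta.version, path });
  }
  if (found.length === 0) {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = trail + "/" + name;
        found.push({ name, version: meta.version, path });
        walk(meta.dependencies, path); // transitive copies nest here in v1
      }
    };
    walk(lock.dependencies, "");
  }
  return found;
}

// "compromised": exact name and version stated in the article.
// "review": named in the article without a version; check it by hand.
function scanLockfile(lock) {
  const hits = [];
  for (const pkg of installedPackages(lock)) {
    if ((KNOWN_BAD.get(pkg.name) || []).includes(pkg.version)) {
      hits.push({ ...pkg, verdict: "compromised" });
    } else if (NAMED_NO_VERSION.has(pkg.name)) {
      hits.push({ ...pkg, verdict: "review" });
    }
  }
  return hits;
}

// Constructed sample lockfile (v3 layout); in practice pass the parsed
// contents of the project's package-lock.json.
const SAMPLE_LOCK = { packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/@react-native-aria/focus": { version: "0.2.10" },
  "node_modules/@gluestack-ui/utils": { version: "0.0.0-constructed" },
  "node_modules/ui-kit/node_modules/@react-native-aria/focus": { version: "0.2.9" },
} };
console.log(scanLockfile(SAMPLE_LOCK));
```

Transitive copies are reported with their lockfile path, so a nested install pulled in by another dependency is visible alongside direct ones.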

[Image: malicious code had been inserted on line 46]

The payload, hidden ...


Copyright of this story solely belongs to gbhackers.