SAP Knowledge Base Article - Preview

3662996 - Clarification on NPM Packages Compromise and Impact on SAP Commerce Cloud

Symptom

On September 8, 2025, the popular chalk npm package was compromised in a major supply chain attack targeting maintainer accounts via phishing. The attackers published malicious versions of chalk and 17 other widely used packages to the npm registry.



Environment

  • SAP Commerce Cloud
  • SAP Commerce Cloud, Composable Storefront 1.0 and higher versions

Product

SAP Commerce Cloud all versions; SAP Commerce Cloud, composable storefront 1.0

Keywords

npm, chalk, debug package, supply, chain, attack, hybris, KBA, CEC-SPA, SAP Commerce Cloud Spartacus, CEC-SCC-PLA-PL, Platform, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
