JFrog finds North Korea-linked npm packages stealing secrets by mimicking Rollup polyfills
Malicious packages impersonate legitimate Rollup polyfill tooling, aiming to steal developer credentials and open remote access to infected machines.

Security researchers at JFrog identified npm packages linked to North Korean threat actors that impersonate legitimate Rollup polyfill tools. The packages mimic “rollup-plugin-polyfill-node” down to descriptions, repository metadata, and package structure to steal developer credentials and enable remote access.
JFrog researchers say they found North Korea-linked malicious npm packages that impersonate Rollup polyfill tooling to steal developer credentials and enable remote access to compromised machines. Two packages were called out by name: “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core.”
The twist is that the attackers did not just publish random malware. They built packages that look like the legitimate Rollup polyfill ecosystem, mimicking “rollup-plugin-polyfill-node” closely, including its description, repository metadata, and package structure. That kind of mimicry matters because many development workflows assume that an npm name that resembles a known tool is probably safe. Attackers bank on that assumption.
If you manage software delivery, your risk is not theoretical. npm is a foundational dependency layer. When a package is introduced into build pipelines, codebases, or automation scripts, it can become a quiet bridge between “normal development activity” and “execution on developer and CI environments.” The JFrog findings describe the packages as aiming to steal developer credentials and provide remote access to compromised machines. In plain English: the packages are designed to take what people use to control systems and then keep a door open for attackers to come back.
Why impersonate Rollup polyfills specifically? Rollup polyfills are a common part of JavaScript bundling and compatibility workflows. The more routine a dependency looks, the less scrutiny it attracts. And according to JFrog, these malicious npm packages specifically impersonate the “rollup-plugin-polyfill-node” project down to package structure, description, and repository metadata. That is a high-effort masquerade. It suggests the objective is not merely to get code running once, but to blend in long enough to be installed, trusted, and distributed through developer workflows.
For executives and boards, the second-order issue is trust in the supply chain. Once a dependency ecosystem is compromised, the blast radius expands beyond the initially infected machine. Credentials theft can pivot to other systems, depending on what those credentials unlock. Remote access capability changes the risk posture from “we found something suspicious” to “an attacker may already be inside.” Even if your direct team never installs these exact packages, teams that consume upstream dependencies, transitive installs, or mirrored tooling could still be affected depending on how package versions are pulled into projects.
There is also a governance and oversight angle. Supply chain security has been moving from a niche engineering concern to an audit and compliance topic across industries. Regulators and standards bodies have increasingly focused on operational risk in software components, including how organizations manage third-party code and how they respond when vulnerabilities or malicious dependencies appear. JFrog's described technique is not a typical “bug in code.” It is dependency impersonation that targets the human trust layer and the automation layer. That means incident response has to include developer credential hygiene and environment hardening, not just dependency scanning.
For security leaders, the immediate question becomes: what controls would have stopped a package that mimicked a legitimate project at the metadata and structure level? Many organizations rely on reputation, dependency allowlists, and automated scanning, but scanning is only as good as the fingerprints it checks. If the malicious packages are crafted to resemble the legitimate tooling, detection may require stronger signals: trusted provenance, strict version pinning, and verification of package identity. For business leaders, the question is simpler and more urgent: how fast can your organization determine whether builds were affected, rotate impacted credentials, and contain potential remote access.
The strategic stake for peers is straightforward. npm dependency attacks are not a distant corner case anymore. JFrog's identification of two specific packages, “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core,” tied to North Korean threat actors, shows how targeted and operational these campaigns can be. If your organization treats “installing a dependency” as a low-risk action, you may be underestimating a threat model where attackers weaponize familiar tooling names and structures to steal developer secrets and maintain remote access.
In other words: the supply chain is not just code. It is credential pathways, automation pipelines, and the assumptions developers make when something looks like the real thing.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Technology
ChatGPT hit 1B monthly users fastest ever. Now Claude and Meta AI are sprinting past growth
OpenAI’s milestone is historic, but rival adoption curves suggest the next battle is speed, not just scale.

Tesla sells the six-seat Model Y Long Wheelbase for $61,990 in the US
A third-row expansion hits the Model Y lineup with a new Launch Series starting price and broader availability.

Godox’s C100 swaps color preview for a transparent LCD optical viewfinder
A lighting brand enters the point-and-shoot renaissance with a camera that looks through glass, not screens.
