Red Hat Confirms Supply Chain Breach Impacting @redhat-cloud-services npm Packages
ID: 83669707-b626-576e-a71f-919a3f75c4d0
STIX ID: report--83669707-b626-576e-a71f-919a3f75c4d0
Feed Name: GBHackers
Red Hat disclosed a supply-chain breach caused by a compromised GitHub account that introduced malicious commits into frontend libraries under the @redhat-cloud-services npm namespace; the malicious package versions were published to npm and subsequently removed. Red Hat is investigating whether those packages were incorporated into production or shipped products, currently reports no evidence of customer impact, and recommends auditing dependencies, monitoring build pipelines, and enforcing strong authentication.
