Red Hat has confirmed that dozens of its software packages distributed through the official NPM (Node Package Manager) channel have been compromised with backdoors, creating potential security vulnerabilities for users who downloaded the affected packages.

The security incident involves packages that were distributed through Red Hat's legitimate NPM distribution channel, making the compromised software appear authentic to users and automated systems that rely on official package repositories.

The company has advised all users who have downloaded Red Hat packages through NPM to immediately investigate their systems for potential security compromises. The scope of the backdoor implementation and the specific packages affected have not been fully detailed in initial reports.

NPM serves as a critical package manager for JavaScript and Node.js applications, with millions of developers worldwide relying on it to install and manage software dependencies. When official channels are compromised, it can affect a wide range of downstream applications and systems.

Red Hat has not yet provided details about how the backdoors were introduced into their official distribution channel or the timeline of the compromise. The company is working to identify all affected packages and assess the full scope of the security incident.