Hi Clerk team,

**Security heads-up:** the bare `clerk-nextjs` npm namespace — the intuitive alias for `@clerk/nextjs` (~500K weekly downloads) — is currently unclaimed on npm.

This makes it a high-probability baitsquatting target. Clerk is particularly high-risk because:

- `@clerk/nextjs` is the #1 AI-recommended auth solution for Next.js projects
- AI agents (Claude Code, Cursor, Copilot) scaffolding auth will confidently recommend `clerk-nextjs` as the natural package name
- Your users always have `CLERK_SECRET_KEY` and `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` in their environment — compromised auth keys mean full account takeover for end users

**What baitsquatting is:** An attacker registers the intuitive bare-name alias of a scoped tool, then waits for AI coding agents to recommend it at scale. Unlike slopsquatting (which requires AI hallucination), no hallucination is needed — the AI recommends the name any developer would naturally predict.

**Live incident context:** On 2026-04-18, Claude Code executed a rogue npm package (`lhci`, the bare alias for `@lhci/cli`) autonomously in a shell containing live credentials (Supabase service role key, Sentry DSN, PostHog key). The same pattern applies directly to `clerk-nextjs`.

**Recommended action:** Register `clerk-nextjs` defensively under the Clerk npm org. A placeholder redirecting to `@clerk/nextjs` closes this permanently.

Part of coordinated disclosure BSQT-2026-001 — publishing publicly 2026-05-03.
— DJ (https://github.com/zkDeej)