A sophisticated supply chain attack has compromised over 40 npm packages, all maintained by different developers. This campaign, codenamed the ‘Shai-Hulud’ attack after the sandworms from Dune, utilises a self-propagating worm to automatically compromise downstream dependencies, and also targets npm packages. A critical feature of this campaign is its self-replicating worm design. Each compromised package automatically trojanizes downstream dependencies by injecting malicious code and republishing new versions. This creates a cascading compromise effect throughout the npm ecosystem, amplifying the attack’s reach and persistence.
The function NpmModule.updatePackage works by downloading a package tarball, modifying its package.json file, inserting a harmful script called bundle.js, and republishing the package. The script then runs TruffleHog to hunt for sensitive credentials such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY on developers’ machines. Any captured data is sent directly to an attacker-controlled server. The script also validates npm tokens against the whoami endpoint, leverages GitHub APIs when tokens are found, and probes cloud metadata services such as AWS and GCP to exfiltrate ephemeral credentials from build agents.
The stolen credentials and sensitive data are exfiltrated through a hardcoded webhook endpoint on webhook[.]site. Additionally, the malware attempts to publish the harvested data to public repositories created within the victim’s GitHub account. This dual exfiltration method ensures data leakage even if network egress to the webhook is blocked, extending the impact beyond the initial host.
Both Windows and Linux environments were affected, with widely used libraries such as angulartics2, @ctrl/tinycolor, json-rules-engine-simplified, and ngx-toastr compromised. The attack spread across multiple namespaces, including @ctrl, @nativescript-community, CrowdStrike, Ember, and RxNT projects, with additional packages under operato and other vendors also flagged. Notably, @ctrl/tinycolor alone sees over 2.2 million downloads per week, highlighting the extensive reach and potential impact of the incident. The campaign is believed to have originated from the ‘techsupportrxnt’ npm account, which published the first malicious version of rxnt-authentication on September 14, 2025. Investigators suspect that initial access may have been obtained via phishing or a compromise of GitHub automation workflows, although the exact intrusion method remains under investigation.
Developers and organizations are advised to:
- Audit package manifests (package-lock.json, yarn.lock) for affected versions.
- Clear local and CI/CD caches to prevent reinstallation of malicious packages.
- Pin dependencies to known safe versions.
- Rotate npm tokens and any other exposed credentials.
- Monitor logs for unusual npm publishes or unexpected external communications.
Developers are also advised to uninstall trojanized package versions, monitor for unauthorised npm publishes, and inspect repository workflows for suspicious automation entries potentially introduced by the malware.
This case highlights vulnerability in open-source supply chains. Attackers were able to compromise upstream packages, causing malicious code to propagate into downstream projects. The malware persists by injecting a GitHub Actions workflow into affected repositories, so even if removed locally, subsequent CI/CD runs continue to leak secrets and artifacts. Security analysts have observed similarities to the recent s1ngularity campaign targeting Nx build packages, indicating a growing sophistication in JavaScript supply chain attacks.
Lockfiles and blocklists offer limited protection against this type of attack. Stronger defenses involve proactive monitoring, pinning dependencies, clearing caches, rotating tokens, and auditing CI/CD pipelines. Researchers have described this campaign as one of the most serious JavaScript supply chain threats to date and recommend promptly removing any affected package versions.
Caught feelings for cybersecurity? It’s okay, it happens. Follow us on LinkedIn and Instagram to keep the spark alive.
