Shai-Hulud NPM Supply Chain Attack

Key Highlights

• What happened? The Shai-Hulud npm attack is a sophisticated cyberattack targeting the open-source registry, npm. It involves a self-propagating worm, or npm malware, injected into dozens of popular packages. The attack is designed to automate npm credential theft and poses a severe threat to software supply chain security.
• What is the scope? 180+ packages, making this a potentially far-reaching incident.
• What it does: The attack starts with an npm package compromise. When a developer installs a malicious package, a script automatically scans for secrets by searching the infected system for API keys, tokens, and other credentials, exfiltrates data by creating a rogue GitHub Actions workflow to send stolen secrets to an attacker-controlled server, and self-propagates using any stolen npm tokens to publish new malicious versions of other packages, spreading the malware further.
• How can I tell if I’m affected? Search for repos with “Shai-Hulud” and audit your dependencies against the known list of compromised packages. Scan for any newly created and unauthorized GitHub Actions workflows.

A large-scale, sophisticated software supply chain attack, dubbed “Shai-Hulud,” is actively targeting the npm ecosystem. This multi-stage attack is designed to steal credentials, exfiltrate sensitive data, and propagate itself automatically across packages, making it one of the more significant threats the open-source community has faced this year.

This post breaks down what happened, the immediate actions you should take to protect your organization, and how Cycode can help you identify and remediate your exposure.

What Happened?

The Shai-Hulud attack is a self-propagating worm that begins when a developer uses a compromised version of a popular npm package. Over 180 packages have been affected.

The attack unfolds in several stages:

1. Initial Compromise: The attacker publishes a malicious version of a legitimate package to the npm registry.
2. Secret Harvesting: When the package is installed, a postinstall script executes. This script uses a legitimate secret-scanning tool, TruffleHog, to scan the host machine (developer workstation or CI/CD runner) for any secrets like API keys, cloud credentials, and npm tokens.
3. Data Exfiltration: The malware then creates an unauthorized GitHub Actions workflow (e.g., shai-hulud.yaml) within the user’s repository. This workflow exfiltrates the stolen secrets to an attacker-controlled server. The malware also creates public repositories named “Shai-Hulud” containing dumps of the stolen data.
4. Propagation: In its most dangerous step, the worm uses any stolen npm tokens to gain publishing rights to other packages owned by the compromised maintainer. It then injects itself into those packages and publishes new malicious versions, allowing it to spread automatically.

Source Code Leakage: The attack may also change the visibility of a victim’s private repositories to public, exposing proprietary source code.

What Actions Should You Take?

Every organization using npm for dependencies should take immediate action to assess their exposure and secure their environments.

• Audit Your Dependencies:
  • Scan your projects for the compromised packages listed below and in official CVEs.
  • Pin all dependencies to known-good versions to prevent the automatic uptake of malicious updates.
  • Run npm audit to identify vulnerabilities and clear your local npm cache with npm cache clean –force to remove tainted packages.
• Scan for Exposed Secrets and Rotate Them:
  • Operate under the assumption that any credentials on developer machines or within your CI/CD environment have been compromised.
  • Immediately initiate a rotation of all secrets, including API keys, cloud credentials, database passwords, and especially npm automation tokens.
• Inspect Your CI/CD and Source Code Repositories:
  • Thoroughly audit all repositories for unauthorized or suspicious GitHub Actions workflows. Look for any new YAML files you don’t recognize.
  • Check repository settings to ensure that private repositories have not been made public.
  • Review access permissions and enforce the principle of least privilege for both users and automation tokens.

How to Identify and Remediate with Cycode

For Cycode customers, identifying exposure is instantaneous. We have already updated our Threat Intel feed with the indicators of compromise (IoCs) and the full list of affected packages from this attack.

Here’s how the Cycode platform helps you address this threat end-to-end:

1. Instantly Assess Exposure: Cycode’s Software Composition Analysis (SCA) engine, powered by our Threat Intel feed, allows you to immediately query your entire software inventory to see if you are using any of the malicious Shai-Hulud packages.
2. Find and Remediate Exposed Secrets: Cycode’s Hardcoded Secrets Detection scans your entire SDLC to find exposed credentials the malware may have stolen. Our Risk Intelligence Graph helps prioritize which secrets to rotate first based on their exposure and potential impact.
3. Detect Malicious Pipeline Activity: Cycode’s CI/CD Security module provides complete visibility into your pipelines. It can detect the creation of unauthorized workflows like shai-hulud.yaml and alert you to anomalous behavior that deviates from your security policies.
4. Prevent Source Code Leakage: Cycode continuously scans public domains for your proprietary code. If the malware had made one of your private repositories public, you would receive an immediate alert, enabling you to contain the leak.

Affected Packages

The list of affected packages is growing. As of this writing, compromised packages include:

• [email protected]
• @ctrl/[email protected]
• @ctrl/[email protected]
• @ctrl/[email protected]
• @ctrl/[email protected]
• @ctrl/[email protected]
• @ctrl/[email protected]
• @ctrl/[email protected]
• @ctrl/[email protected]
• @ctrl/[email protected]
• @ctrl/[email protected]
• @ctrl/[email protected], @4.1.2
• @ctrl/[email protected]
• @ctrl/[email protected]
• @ctrl/[email protected]
• [email protected]
• [email protected], 0.2.1
• [email protected], 5.11.1
• @nativescript-community/[email protected]
• @nativescript-community/sentry 4.6.43
• @nativescript-community/[email protected]
• @nativescript-community/[email protected]
• @nativescript-community/[email protected]
• @nativescript-community/[email protected]
• @nativescript-community/[email protected]
• @nativescript-community/[email protected]
• @nativescript-community/[email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• @crowdstrike/[email protected], 8.1.2
• @crowdstrike/[email protected]
• @crowdstrike/[email protected]
• @crowdstrike/[email protected], 0.34.3
• @crowdstrike/[email protected]
• @crowdstrike/[email protected]
• @crowdstrike/[email protected], 1.205.2
• @crowdstrike/[email protected]
• @crowdstrike/[email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

Refer to the latest advisories from npm and other security vendors for an up-to-date list.

References

• https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html 
• socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages
• socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages
• www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised