VU#534320: NPM supply chain compromise exposes challenges to securing the ecosystem from credential theft and self-propagation

Overview

A major npm supply chain compromise was disclosed by the software supply chain security company Socket on September 15, 2025. At the time of writing, over 500 packages have been affected, and the number continues to grow. The attack involves a self-propagating malware variant dubbed Shai-Hulud, which spreads via credential theft and automated package publishing. The campaign escalated rapidly, including compromise of packages published by CrowdStrike.

This notice aims to raise awareness about growing risks in software development and packaging practices within the npm ecosystem that can lead to large-scale compromises. The incident highlights ongoing exploitation of known attack vectors, including credential theft, package impersonation, and automated propagation, all of which undermine the integrity of widely used package ecosystems like npm.

Description

npm is the default package manager for Node.js. It provides a global registry and command-line interface that helps developers install, manage, and share JavaScript packages and dependencies. It simplifies the integration of third-party code through the use of the package.json and package-lock.json files, which ensure dependency consistency and reproducibility.

The compromise likely began with a credential harvesting campaign, where a postinstall script led to the execution of a malicious bundle.js file. postinstall scripts are an npm feature that allow code execution following package installation. The bundle.js script scanned the target environment for exposed secrets in code and configuration files. The bundle.js file downloaded and used TruffleHog, typically used for legitimate secret scanning, to harvest credentials stored as environment variables or secrets used by continuous integration and continuous delivery (CI/CD) platforms such as GitHub Actions, GitLab CI, Jenkins, and others. The malware self-propagated using the stolen credentials to publish itself to other repositories and package registries, effectively turning compromised environments into new infection vectors.

A key mechanism of propagation was the automatic “trojanization” of CI/CD tools, a known attack vector with wide-reaching implications across ecosystems. GitHub Actions was one such capability that was abused, previously seen in attacks like the Nx package compromise in August of 2025. Another known contributor to the attack was the abuse of the postinstall script capability in npm. This technique has been exploited in previous incidents, such as the event-stream attack in 2018. These vulnerable software development and design methods in npm have been duly abused in this combined attack.

Impact

At the time of publication, over 500 packages have been confirmed to be compromised by the Shai-Hulud malware. Socket is maintaining a live list of affected packages on their website. Organizations using CrowdStrike products should also inspect their npm package dependencies, as the npm account used to manage and publish packages for CrowdStrike was allegedly compromised.

Solution

GitHub has released a public advisory detailing additional security changes being made to their package systems. CISA has also released a security advisory.

For npm Users

• Audit and replace compromised packages: Remove any affected package versions and replace them with known safe versions.
• Lock dependencies: Use package-lock.json or npm i --package-lock-only to lock resolved dependency versions without executing install scripts, allowing safe auditing. For packages that will be redistributed, locally or otherwise, use npm shrinkwrap to lock all direct and transitive dependency versions for reproducible installs.
• Use internal mirrors: Set up an internal npm registry using tools like Verdaccio or Artifactory, and centrally approve packages before allowing internal use.
• Disable postinstall scripts: Use npm install --ignore-scripts where feasible to prevent malicious code execution during package installation.

For npm Developers

• Rotate all exposed credentials: Immediately revoke and rotate any CI/CD-related tokens or secrets (GitHub, GitLab, Jenkins, etc.) that may have been exposed.
• Enforce least privilege: Use scoped tokens with minimal permissions, and isolate build environments to ensure untrusted code never has access to publishing credentials, especially when using GitHub Actions or similar CI/CD platforms.

Acknowledgements

This document was written by Christopher Cullen.