A new alert issued by multiple cybersecurity research groups and consultants has gained widespread attention due to its serious implications for supply chain attacks. Threat actors have successfully compromised the NPM ecosystem through a self-replicating computer worm named “Shai-Hulud”. NPM is recognized as the largest open-source software component library, used by millions of developers for web and software projects.
The severity of the incident lies not only in the infection itself but also in the stealthy and extensive propagation methods of this worm across the global software supply chain.
Event description
In September 2025, a massive attack was identified against the NPM (Node Package Manager) ecosystem, in which more than 40 packages were compromised. Initial investigations indicate that the attackers managed to hijack several maintainers’ accounts, injecting malicious payloads into legitimate package versions. These payloads were configured to exfiltrate credentials, API keys and even cryptocurrency wallets from both development and production environments.
This incident has been considered one of the most significant supply chain attacks of 2025, not only because of the number of affected packages but also due to the temporary disruption of thousands of CI/CD pipelines that depended on them.
What makes this attack particularly dangerous is its self-propagating capability. Once a package was compromised, the malware included a function that automatically downloaded, modified, and injected malicious code into other packages maintained by the same compromised account.
In essence, each infected package became a new distribution point, creating a domino effect throughout the ecosystem.
Preliminary Impact on the NPM Ecosystem
Among the compromised packages were several fundamental dependencies that millions of developers rely on daily. Some of the most popular include:
- chalk (~300 million weekly downloads): Essential for terminal text formatting.
- debug (~357 million weekly downloads): A nearly ubiquitous debugging utility.
- strip-ansi (~261 million weekly downloads): Used to process ANSI codes.
- color-convert (~193 million weekly downloads): For color space conversions.
- crypto-utils (~1,200 weekly downloads): Cryptographic utilities for hashing and random number generation.
- data-formatter (~11.4 million weekly downloads): Functions for formatting and transforming data, especially dates.

When evaluating the overall impact on today’s JavaScript ecosystem, the infection potentially extended to:
- Frontend applications built with React, Angular, and Vue.js.
- Backend applications developed with Node.js and Express.
- Development tools such as Webpack, Rollup, and Vite.
- CI/CD systems running automated build pipelines.
A Viral Twist Involving CrowdStrike
One of the most concerning findings was the discovery of 22 fake packages using the namespace @crowdstrike, with names such as:
- @crowdstrike/commitlint
- @crowdstrike/falcon-shoelace
- @crowdstrike/foundry-js
- @crowdstrike/logscale-dashboard
Although CrowdStrike confirmed that these malicious packages did not affect its Falcon sensor or compromise client data, this situation demonstrates how attackers exploited brand reputation to amplify credibility — especially in the wake of parallel news surrounding CrowdStrike, such as the BSOD incident in June, 2024.

Analysis of the Shai-Hulud Attack Chain
According to the MITRE ATT&CK framework, the Shai-Hulud attack sequence involves approximately nine key tactics:
1. Initial Infiltration
- Targeted phishing: Emails impersonating official NPM security alerts.
- Credential theft: Victims unknowingly expose their login information.
- Account compromise: Attackers gain full control of the developer’s NPM account.
2. Malware Deployment Phase
- Malicious publication: Upload of infected NPM packages.
- Automatic execution: Malicious JavaScript runs upon installation.
- Persistence: Unix shell scripts embedded to maintain access.
3. Escalation and Propagation Phase
- GitHub authentication: Using stolen tokens to access GitHub APIs.
- Repository enumeration: Mapping accessible repositories (including private ones).
- Mass cloning: Copying private repositories to attacker-controlled accounts.
- Malicious workflows: Creating automated branches to continuously extract data.
4. Data Exfiltration Phase
- Tool installation: Deployment of TruffleHog for secret scanning.
- Sensitive data extraction: Automated search for credentials and keys.
- Public exposure: Switching private repos to public with full commit history.
- Data transmission: Automated exfiltration through web requests.
5. Impact and Scalability
- Chain propagation: One compromised account triggers massive infection.
- Full automation: Minimal attacker effort after initial deployment.
- Mass compromise: Hundreds of packages potentially affected before detection.
- Trust erosion: Significant impact on open-source software adoption.

Additional Packages and Indicators of Compromise (IoCs)
Efforts to document and share verified information with corporate security teams have led to frequent updates of public repositories listing affected packages. One example is a GitHub Gist provided by Checkmarx Ltd., containing nearly 198 identified packages.
Other notable IoCs:
| Type | IoCs | Description |
|---|---|---|
| URL | https://webhook[.]site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7 | Unique testing endpoint for webhooks and HTTP requests |
| File | 46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09b74caeaa75e077c99f7d44f46daaf9796a3be43ecf24f2a1fd381844669da777dc67467a39b70d1cd4c1f7f7a459b35058163592f4a9e8fb4dffcbba98ef210c4b2399646573bb737c4969563303d8ee2e9ddbd1b271f1ca9e35ea78062538db | Associated with a JavaScript file named “bundle.js” |
| File | “shai-hulud-workflow.yml” | GitHub workflow associated with the detected repositories |
| Workflow name | “shai-hulud” | Identifies the automated attack process |
Recommended Immediate Response Actions
Organizations are urged to conduct a full audit of all dependencies used by their development teams. The following actions are recommended:
- Rotate all credentials, including:
  - NPM and GitHub tokens
  - AWS keys and cloud credentials
  - API secrets and security certificates
  - CI/CD system credentials
- Adopt defensive development practices for dependency management:
  - Verify checksums and cryptographic signatures.
  - Run npm audit continuously in CI/CD pipelines.
  - Enforce lock files (package-lock.json).
  - Integrate automatic vulnerability scanning into build workflows.
  - Set up alerts for unexpected dependency changes.
  - Leverage tools such as Snyk, Socket, or Dependabot for proactive monitoring.
Conclusions
We are at a turning point: either we allow attacks like these to gradually erode trust in open-source software, or we use them as catalysts to build a more secure and resilient ecosystem that benefits the global developer community.
The future of software security depends on our collective ability to learn from incidents like “Shai-Hulud” and to design stronger defenses against the next generation of cyber threats.
References:
- https://www.trendmicro.com/en_us/research/25/i/npm-supply-chain-attack.html
- https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
- https://www.dynamisllp.com/knowledge/npm-supply-chain-attack-crypto-security-2025
- https://checkmarx.com/zero-post/npm-hit-by-shai-hulud-the-self-replicating-supply-chain-attack/
- https://arcticwolf.com/resources/blog-uk/wormable-malware-cause-supply-chain-compromise-of-npm-code-packages/
- https://www.paloaltonetworks.com/blog/cloud-security/npm-supply-chain-attack/
