- Self-propagating "Shai-Hulud" campaign compromised at least 187 npm packages and is still under investigation.
- Attackers abused trusted publisher accounts, injected a bundle.js payload, and used TruffleHog to harvest secrets.
- Malicious post-install scripts targeted CI/CD to exfiltrate environment variables, cloud creds, and tokens.
- ReversingLabs links the outbreak to a malicious rxnt-authentication release on Sept 14, 2025; npm and vendors are purging tainted packages.

Amid heightened scrutiny of open-source risk, a large-scale npm supply-chain attack dubbed “Shai-Hulud” is shaking the JavaScript ecosystem, with hundreds of packages implicated and active cleanup under way. Researchers say the operation blends account compromise, automated publishing, and secret theft in ways that make it unusually hard to contain.
Early analyses point to attackers abusing trusted publisher accounts to push booby-trapped updates, while automation rapidly propagated malicious releases to popular projects. Because npm packages are extensively reused, the cascading impact through dependency trees is particularly concerning for teams that rely on CI/CD pipelines.
How the campaign was spotted
Security researchers first noticed suspicious activity tied to projects that referenced CrowdStrike-related packages, prompting a broader sweep of the registry for anomalies and unauthorized uploads from legitimate-looking accounts. Several targets appear to be common in enterprise environments, increasing the blast radius.
Developer Daniel Pereira publicly warned of a large-scale supply-chain attack after struggling to reach private security channels, urging developers to avoid recent releases of @ctrl/tinycolor, a package with millions of weekly downloads. His alert galvanized coordinated investigation by multiple security teams.
What the malware tries to steal
Once installed, tainted packages can execute post-install scripts designed to exfiltrate environment variables, tokens, and other secrets. This puts build servers and developer workstations at risk if the malicious versions are pulled during install or CI runs.
By aiming at CI/CD systems specifically, the operators sought to capture authentication material such as cloud provider keys, private access tokens, and service credentials. With those in hand, adversaries could move laterally, re-enter networks, and potentially tamper with pipelines or sensitive applications.
How the worm spreads between packages
Investigations indicate the campaign includes a self-spreading component that downloaded each package owned by a compromised maintainer, altered its package.json, injected a bundle.js payload, re-packed it, and re-published it—automating the trojanization of subsequent releases.
The malware also abused the legitimate secrets-scanning tool TruffleHog to hunt for exposed credentials, and referenced configuration files named shai-hulud.yaml—a nod to the sandworms of Dune that inspired the operation’s moniker. This combination of reuse and automation helped the threat move quickly.
Scope and affected packages so far
Researchers from Socket and Aikido have identified at least 187 compromised npm packages to date, with the tally expected to rise as reviews continue. Because even a single tainted dependency can ripple across many projects, the effective exposure could be substantial.
Among the affected were packages associated with CrowdStrike—such as crowdstrike-sdk, crowdstrike-client, and crowdstrike-api—alongside other popular modules. The emphasis on enterprise-referenced libraries suggests the operators pursued maximum operational leverage.
Clues about origin and timeline
ReversingLabs reports that the outbreak likely traces back to a malicious release of rxnt-authentication published on September 14, 2025, with the npm account techsupportrxnt posited as a potential patient zero. How that account was breached remains unclear, with hypotheses ranging from phishing to the abuse of a vulnerable GitHub Action.
Multiple firms describe Shai-Hulud as an unprecedented, self-replicating npm package worm that also steals cloud tokens. While attribution is ongoing, the technical profile underscores how attacker-controlled automation can turn package managers into powerful distribution channels.
Industry response and cleanup
The npm registry and security partners moved to remove malicious packages, notify publishers, and issue guidance for auditing dependencies. Developers are urged to check lockfiles and version histories, especially around mid-September 2025 releases.
CrowdStrike stated it swiftly purged the rogue packages from public npm, proactively rotated keys, and confirmed that its Falcon sensor does not use those modules and customer protections remain in place. The company is collaborating with npm and conducting a comprehensive review.
Practical steps for teams
Organizations should immediately audit projects for known indicators, prioritizing dependency lists, lockfiles, and CI build logs. Rotate any potentially exposed tokens and credentials, including npm tokens, GitHub PATs, and cloud keys.
- Remove or pin affected packages and backtrack to safe versions; rebuild from clean environments.
- Enable mandatory 2FA for npm publisher accounts and enforce least-privilege tokens in CI/CD.
- Continuously scan dependencies and artifacts for tampering; monitor for anomalous post-install behavior.
- Set up alerting for unexpected publishes from your org and verify package integrity before promotion.
To reduce future exposure, introduce automated checks that block suspicious scripts during install, and verify provenance for new or updated dependencies before they reach production. Reviewing maintainer access, repo protections, and signing policies can further harden the chain.
The Shai-Hulud campaign has laid bare how quickly a determined actor can weaponize trust in popular registries, using compromised accounts, worm-like propagation, and secret harvesting to amplify impact; vigilance, rapid remediation, and stronger publisher controls are now immediate priorities for teams across the ecosystem.