A major npm supply chain attack has compromised more than 40 Node Package Manager (npm) packages, injecting a malicious script called bundle.js to steal sensitive developer credentials. According to security researchers, the campaign, dubbed the Shai-Hulud attack, uses the open-source tool TruffleHog (TruffleHog Secret Scanner) to extract secrets such as GitHub personal access tokens, Node Package Manager (npm) tokens, and Amazon Web Services (AWS) cloud keys. The stolen information is then exfiltrated to attacker-controlled servers, affecting both Microsoft Windows and Linux environments and posing a serious threat to developers and the broader open-source ecosystem.

TL;DR

Over 40 npm packages were trojanized with a malicious script called bundle.js that runs TruffleHog to steal credentials including GitHub tokens, npm tokens, and AWS cloud keys. The attack, called Shai-Hulud, spreads automatically to downstream projects, creating a cascading compromise. Developers should immediately audit environments and rotate exposed secrets.

How the Attack Works

Security company Socket discovered that the compromised packages include a malicious function, NpmModule.updatePackage. This function downloads the package tarball, alters the package.json file, injects the bundle.js script, and republishes the package. The result is an automated trojanization process that ensures any downstream projects depending on these packages are also infected.

The bundle.js script runs TruffleHog Secret Scanner, a legitimate open-source tool, but in this case abused to search local environments for sensitive information. Tokens and keys such as GITHUB_TOKEN, NPM_TOKEN, and AWS_ACCESS_KEY_ID are collected and validated. Once harvested, these credentials are transmitted to an attacker-controlled server.

Why This Attack Is Dangerous

Unlike earlier npm supply chain incidents, this campaign is notable because it doesn’t just compromise packages in isolation. It also introduces persistence by creating a GitHub Actions workflow inside .github/workflows. This workflow can survive on repositories and trigger exfiltration of credentials during future Continuous Integration and Continuous Deployment (CI/CD) pipeline runs.

This ability to spread through pipelines means even after initial cleanup, the attack can continue to harvest data in subsequent builds. The malware also attempts cloud metadata discovery, allowing it to steal short-lived credentials from cloud build agents.

Quick Reference: Impacted Packages

The table below highlights some of the most widely used npm packages confirmed as compromised in this attack:

This is not a complete list, but it shows how both community-maintained and enterprise-scoped packages were impacted, including those tied to CrowdStrike-publisher.

Vendor Response and Industry Reaction

A CrowdStrike spokesperson confirmed that the malicious versions were removed swiftly and emphasized that the Falcon endpoint protection platform was not impacted. As a precaution, keys in public registries were rotated and collaboration with npm maintainers began immediately.

Security platforms including Socket, StepSecurity, and OX Security warned that this incident highlights a worrying evolution. The attack is not only sophisticated in targeting credentials but also self-propagating, creating a cascading effect across the npm ecosystem.

The Shai-Hulud Campaign

Researchers named this campaign Shai-Hulud, a nod to its wide and uncontrollable spread. The malware collects all harvested data into a JavaScript Object Notation (JSON) file and uploads it to a GitHub repository named Shai-Hulud using the GitHub /user/repos API.

Investigations by OX Security found at least 34 compromised GitHub accounts that contained the repository. Each included a data.json file with encoded credentials, suggesting a broad and ongoing credential theft operation.

Related Threat: crates.io Phishing

At the same time, the Rust Security Response Working Group warned developers of a phishing campaign targeting the Rust ecosystem’s package registry, crates.io.

Phishing emails were sent from security@rustfoundation[.]dev, falsely claiming a compromise of crates.io. Victims were urged to click a malicious link, github.rustfoundation[.]dev, which mimicked GitHub’s login page to steal credentials.

The Rust Foundation confirmed there was no compromise of crates.io and has since taken down the malicious domain. Monitoring of suspicious activity on crates.io continues.

What Developers Should Do

Given the scope of this incident, developers are strongly advised to:

• Audit environments for any use of the compromised npm packages.
  
• Rotate npm tokens, GitHub personal access tokens, and AWS keys immediately.
  
• Inspect repositories for suspicious GitHub Actions workflows created in .github/workflows.
  
• Review recent CI/CD pipeline runs for unusual exfiltration activity.
  

 The Shai-Hulud npm supply chain attack is a clear signal that attackers are advancing beyond simple package hijacks. By embedding persistence mechanisms and automating propagation, they are raising the stakes for the entire open-source ecosystem. Developers must treat package dependencies as part of their security perimeter and adopt stronger monitoring and credential management practices.