Shai-Hulud NPM Supply Chain Attack Expands to 470+ Packages
Summary: A large-scale malicious campaign, nicknamed the Shai-Hulud attack, has impacted the npm ecosystem with over 500 trojanized packages, including those packages maintained by CrowdStrike. The attack originated from a sophisticated phishing campaign that exploited the fundamental trust relationships within the npm ecosystem.
The JavaScript ecosystem is under a massive threat following a major supply chain attack. Hence, millions of crypto users and developers are now at risk. With more than a billion of these packages downloaded already, thousands of blockchain wallets and applications could be suffer varying exploits.
- Malicious NPM updates spread malware that steals and replaces crypto addresses.
- Developers encouraged developer to cease on-chain operation and inspect HD wallets thoroughly.
The attackers injected malicious scripts that
- Run secret-scanning tools on developer systems,
- Steal GitHub, npm and cloud credentials,
- Insert persistent GitHub Actions workflows for long-term access, and
- Exfiltrate sensitive data to attacker-controlled endpoints.
This attack is ongoing and all users of npm packages should take immediate steps to secure tokens, audit their environments and verify package integrity.
Issue Details
Initial discovery on September 14, 2025, when suspicious versions of @ctrl/tinycolor and ~40 other packages were flagged. By September 16, the attack had spread to include CrowdStrike-namespaced packages and dozens from @ctrl, @nativescript-community, rxnt, @operato, and others.
Malware behavior
- Downloads and runs TruffleHog, a legitimate secret scanner.
- Harvests secrets from local machines and CI/CD agents (npm tokens, GitHub PATs, AWS/GCP cloud keys).
- Writes malicious workflows into .github/workflows (shai-hulud-workflow.yml).
- Continuously exfiltrates findings to a fixed webhook endpoint or pushes them into new GitHub repos under the victim’s account.
Attack Flow
Here are some popular packages with affected versions
| Package | Version |
| @ctrl/ngx-codemirror | 7.0.1, 7.0.2 |
| @ctrl/tinycolor | 4.1.1, 4.1.2 |
| @crowdstrike/foundry-js | 0.19.1, 0.19.2 |
| @crowdstrike/logscale-dashboard | 1.205.1, 1.205.2 |
| @nativescript-community/sqlite | 3.5.2 – 3.5.5 |
| @nativescript-community/text | 1.6.9 – 1.6.13 |
| @nstudio/nativescript-checkbox | 2.0.6 – 2.0.9 |
| @nstudio/angular | 20.0.4 – 20.0.6 |
| eslint-config-crowdstrike | 11.0.2, 11.0.3 |
| remark-preset-lint-crowdstrike | 4.0.1, 4.0.2 |
Attack Indicators
Malicious Workflow Filenames
- .github/workflows/shai-hulud-workflow.yml
- .github/workflows/shai-hulud.yaml
Exfiltration Endpoint
- hxxps://webhook[.]site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7
Hashes of Malicious Payloads
| SHA-256 Hash | Notes |
| 46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09 | Large batch, Sept 15–16 |
| b74caeaa75e077c99f7d44f46daaf9796a3be43ecf24f2a1fd381844669da777 | CrowdStrike-related packages burst (Sept 16) |
| de0e25a3e6c1e1e5998b306b7141b3dc4c0088da9d7bb47c1c00c91e6e4f85d6 | First observed compromise (Sept 14) |
| 81d2a004a1bca6ef87a1caf7d0e0b355ad1764238e40ff6d1b1cb77ad4f595c3 | Sept 14 small burst |
| 83a650ce44b2a9854802a7fb4c202877815274c129af49e6c2d1d5d5d55c501e | ~25 packages, Sept 14 |
| 4b2399646573bb737c4969563303d8ee2e9ddbd1b271f1ca9e35ea78062538db | Burst of ~17 packages, Sept 14–15 |
| dc67467a39b70d1cd4c1f7f7a459b35058163592f4a9e8fb4dffcbba98ef210c | Multiple reuse across Sept 15–16 |
Recommendations:
Organizations and developers using npm should take immediate actions:
- Uninstall or downgrade
Pin dependencies to known-safe versions until patched releases are confirmed.
- Rotate credentials
Immediately revoke and reissue:
- npm access tokens
- GitHub personal access tokens / org tokens
- Cloud credentials (AWS, GCP, Azure)
- Audit systems
- Inspect developer machines and CI/CD build agents for signs of the malicious bundle.js.
- Check .github/workflows for unauthorized files named “shai-hulud-*”.
- Review repositories for suspicious commits or new repos labeled “Shai-Hulud Migration”.
- Monitor and log
- Search event logs for unusual npm publish activity.
- Investigate GitHub Actions runs designed to exfiltrate secrets.
- Harden pipelines
- Pin package versions and use integrity checks (e.g.- lockfiles, checksums).
- Limit exposure of sensitive tokens in build environments.
- Rotate all build-related secrets regularly.
Conclusion
This incident is significant compromises in the npm ecosystem, impacting hundreds of widely used packages across various namespaces.
The attackers’ tactics such as credential theft, manipulation of GitHub workflows, and widespread package propagation, highlighting the growing sophistication of modern supply chain attacks.
Developers and organizations are strongly advised to take immediate action by removing affected package versions, rotating any exposed secrets, auditing their build environments and strengthening CI/CD security. Continuous monitoring and rapid response are essential to reducing risk and maintaining trust in open-source software.
The attack’s browser API-level operation revealed critical blind spots in enterprise security monitoring, particularly for organizations handling cryptocurrency transactions.
References:
Recent Comments