Over 180 npm packages targeted by self-replicating worm to steal credentials in recent supply chain attack

Cybersecurity researchers have uncovered a major software supply chain attack targeting the npm registry, compromising more than 180 packages in its initial phase and eventually spreading to over 500 packages. The attack leverages a self-replicating worm, making it one of the most serious threats seen in the JavaScript ecosystem.

How the Attack Works

The campaign injects malicious code into otherwise legitimate packages, producing trojanized versions. Compromised versions include a function named NpmModule.updatePackage, which:

  • Downloads a package tarball
  • Alters its package.json file
  • Injects a malicious script (bundle.js)
  • Repackages and republishes it

This process enables automatic trojanization of downstream packages without developer awareness.

The worm uses TruffleHog, a legitimate credential scanning tool, to search infected machines for sensitive information such as:

  • GITHUB_TOKEN
  • NPM_TOKEN
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY

Platforms at Risk

The malware is capable of infecting both Windows and Linux environments. Once executed, it:

  • Validates npm tokens via the whoami endpoint
  • Interacts with GitHub APIs when tokens are available
  • Performs cloud metadata discovery to collect short-lived credentials from build environments

The script also abuses compromised GitHub tokens by creating malicious GitHub Actions workflows inside .github/workflows, which ensures persistence even after the initial infection.

Cascading Compromise Across Ecosystem

Security company Socket warned that the worm’s self-propagating nature could trigger a cascading compromise, spreading rapidly across the npm ecosystem.

StepSecurity confirmed that the malware’s behavior represents a dangerous evolution in supply chain threats, since each infected package can automatically spread the attack further.

Shai-Hulud Attack: Over 500 Packages Impacted

The incident has been codenamed the Shai-Hulud attack. In addition to 180+ npm packages, attackers leveraged the “crowdstrike-publisher” npm account to push hundreds of malicious packages, exceeding 500 in total.

Companies like CrowdStrike have clarified that while some of their npm packages were impacted, their Falcon sensor platform remains unaffected.

Researchers from ReversingLabs called this the first self-replicating npm worm, starting from the compromised rxnt-authentication package published on September 14, 2025. The initial infection appears to have originated from the npm account “techsupportrxnt”, believed to be Patient Zero.

Links to Previous Attacks

Security researchers have noted functional overlap with the “s1ngularity attack” that targeted the nx build system in August 2025. Cloud security firm Wiz stated that this new worm is directly downstream of that campaign, warning that it may be one of the most severe JavaScript supply chain attacks to date.

Secrets and Data Exfiltration

Analysis of the leaked data shows that 278 secrets were compromised, including:

  • 90 collected from infected developer systems
  • 188 stolen via malicious GitHub workflows

The most targeted credentials were GitHub tokens, npm tokens, and AWS keys.

Expert Warnings

Security researchers described the worm’s ability to spread across packages as “true worm-like behavior”, since every published package becomes a new infection vector. Once installed, the malware replicates and propagates through the maintainer’s publishing rights.

Crates.io Phishing Campaign

In a related development, the Rust Security Response Working Group issued a warning about a phishing campaign targeting crates.io users. Attackers used the fake domain rustfoundation[.]dev to impersonate the Rust Foundation, sending emails that tricked developers into rotating their GitHub credentials via a phishing site.

The Rust team confirmed there was no compromise of crates.io infrastructure, but advised developers to stay vigilant and report suspicious activity.