You have 1 article left to read this month before you need to register a free LeadDev.com account.
Estimated reading time: 3 minutes
A fast-moving worm has compromised more than 180 npm packages – and may mark a turning point for software supply chain security
After years of high-profile package compromises – from event-stream to the recent Nx breach – npm is once again in the spotlight. Over the past week, a self-replicating worm has made its way through the world’s largest JavaScript package repository, compromising at least 180 packages and exposing credentials from maintainers and developers along the way.
Because many of the affected packages sit deep in dependency chains, the attack is likely to have touched thousands of downstream applications and developers – far more than the raw number of packages suggests.
The campaign, now dubbed “Shai-Hulud” – yes, after the sandworms from Dune – represents the most aggressive supply chain attack on npm this year, and a warning shot for engineering leaders who still treat package security as a box-ticking exercise.
Your inbox, upgraded.
Receive weekly engineering insights to level up your leadership approach.
A worm that spreads itself
The attack itself is both clever and frighteningly efficient. It begins with a stolen npm token or compromised maintainer account, often phished or leaked in a past breach. Malicious code is added to the affected package and pushed to the registry. When developers pull the package into a project, its installation script runs automatically and scours the local environment for credentials, cloud tokens, and access keys.
Before moving to the next stage, the malware runs the TruffleHog, an open-source secret scanning tool, to hunt for Amazon Web Services (AWS) keys, Google Cloud Platform (GCP) and Microsoft Azure service credentials, GitHub personal access tokens, cloud metadata endpoints, and npm authentication tokens, giving the attacker a clear path to escalate access.
Then comes the worm-like behaviour: it takes any valid npm tokens it discovers and uses them to republish itself into other packages under the compromised maintainer’s control. This lateral spread is largely automated, meaning the attacker doesn’t need to manually compromise each new target. The campaign also broadcasts its findings, publishing stolen secrets to public GitHub repositories and using GitHub Actions to send data to attacker-controlled endpoints. In some cases, private source code repositories were made public during exfiltration, compounding the impact.
According to Aikido malware researcher Charlie Eriksen, the same attacker behind the late-August Nx compromise appears to be responsible for Shai-Hulud. In that earlier campaign, developers’ secrets were dumped onto public GitHub pages, foreshadowing the more aggressive tactics now being used.
“The scale, scope and impact of this attack is significant,” Eriksen said. “The attackers are using the same playbook in large parts as the original attack, but have stepped up their game.”
That Nx attack relied on credential theft and manual publishing, and was disruptive enough that many teams scrambled to rotate credentials and audit build pipelines. Shai-Hulud takes those same tactics and supercharges them with automation, showing how quickly attackers are iterating. Where Nx was a single-package incident, this campaign demonstrates what happens when compromise turns worm-like and spreads without human intervention.
A stress test for software supply chains
The fallout is still being tallied. Security teams are rushing to revoke tokens, remove compromised versions, and audit CI/CD pipelines. Packages linked to major vendors, including CrowdStrike, have been caught in the crossfire, a stark reminder that even mature security organisations are not immune to supply chain risk.
For engineering leaders, this is more than just another npm scare. It’s a stress test of organizational readiness for supply chain attacks that propagate automatically, harvest secrets at scale, and exploit the trust inherent in open source software ecosystems.
The message is clear: supply chain security can’t wait until after an incident. Know your dependencies, lock them down, and keep build pipelines tightly permissioned. Routine tasks like trimming unused packages, rotating credentials, and scanning for secrets should be part of day-to-day development, not a scramble when things go wrong.
The npm ecosystem isn’t going anywhere, and attackers know it. Shai-Hulud shows that writing code is only half the job – protecting the pipelines that ship that code is just as critical.
October 15-17, 2025
New York is almost here. Book your spot today.
