Recent npm Supply Chain Attacks and Security Enhancements
A series of high-profile supply chain attacks targeted the npm ecosystem, compromising hundreds of packages and exposing sensitive data. The s1ngularity attack exploited a vulnerability in GitHub Actions to steal npm publishing tokens for Nx packages, leading to the distribution of credential-harvesting malware and the public exposure of thousands of private repositories and secrets. Another incident involved a phishing campaign against a prominent npm maintainer, resulting in the compromise of widely used packages such as debug and chalk. These attacks highlighted the persistent risks posed by weak CI/CD protections, compromised dependencies, and social engineering tactics.
In response to these incidents, GitHub implemented stricter security measures for npm package publishing. The new requirements include mandatory two-factor authentication (2FA) for all local publishing, limiting token lifetimes, and promoting trusted publishing workflows. Legacy authentication methods are being deprecated in favor of FIDO-based 2FA, and developers must now use hardware security keys, biometrics, or authenticator apps for authentication. These changes aim to reduce the risk of account takeovers and malware injection, but experts warn that additional security practices are necessary to address other attack surfaces within the software supply chain.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Researchers publish analysis of recent npm supply chain compromises
Security researchers published follow-up analyses of recent npm ecosystem compromises, documenting lessons learned from the incidents and evaluating the effectiveness of npm's new protections. These reports indicate the compromises had already occurred before the analyses were released.
npm introduces new security measures after recent package compromises
npm rolled out new security steps intended to reduce the risk of account and package compromise in the wake of recent attacks affecting the ecosystem. The measures were in place by late October 2025, when security researchers were assessing whether they would be sufficient to stop similar incidents.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Supply Chain Risks in GitHub and npm Package Ecosystems
Recent analysis has revealed a critical security flaw in how package managers such as npm, Bun, and PyPI handle dependencies sourced directly from GitHub repositories. When specifying a dependency using a commit SHA, if that SHA exists in a forked repository, the package manager may pull code from the fork rather than the intended source, allowing attackers to inject malicious code by manipulating forks. This vulnerability is exacerbated by the lack of visibility into GitHub's internal network of forks, making it difficult for security tools and registries to detect or warn about such attacks, as demonstrated by incidents involving actors like Shai Hulud. In parallel, AWS Security has reported on their response to recent large-scale npm supply chain threat campaigns, including the Nx package compromise, the Shai-Hulud worm, and a token-farming campaign that resulted in over 150,000 malicious packages being identified. These incidents highlight the growing sophistication and scale of attacks targeting open-source software supply chains, and underscore the need for improved detection, response workflows, and collaboration across the security community to mitigate these evolving threats.
Mar 21, 2026
npm Supply-Chain Attacks Steal Developer Tokens and Enable Cloud Compromise
Threat actors are using **malicious npm packages** to steal developer credentials and CI/CD secrets, enabling rapid escalation into cloud environments. Google reported that **UNC6426** leveraged keys stolen during the earlier compromise of the *nx* npm ecosystem to pivot from a stolen developer GitHub token into **AWS administrative access within 72 hours**, abusing **GitHub-to-AWS OpenID Connect (OIDC) trust** to create a new admin role. The actor then used that access to **exfiltrate data from AWS S3** and conduct **destructive actions** in production cloud environments; the initial *nx* compromise involved a GitHub Actions `pull_request_target` workflow abuse (“**Pwn Request**”) that enabled publishing trojanized packages containing a `postinstall` chain that executed the **QUIETVAULT** JavaScript credential stealer and uploaded stolen data to a public GitHub repo (`/s1ngularity-repository-1`). Separately, researchers reported new waves of the **PhantomRaven** npm supply-chain campaign distributing **88 additional malicious packages** (via ~50 disposable accounts) that target JavaScript developers by exfiltrating secrets from files like `.gitconfig` and `.npmrc`, environment variables, and CI/CD tokens (e.g., GitHub/GitLab/Jenkins/CircleCI). The campaign uses **slopsquatting** (LLM-suggested lookalike package names) and a stealth technique called **Remote Dynamic Dependencies (RDD)**, where `package.json` pulls a dependency from an external URL so the malicious payload is fetched at install time (`npm install`) and can evade static package inspection; researchers indicated many of these packages remained available in the npm registry at the time of reporting.
Mar 21, 2026
Shai-Hulud Infostealer Supply Chain Attack on npm Ecosystem
A major supply chain attack targeted the npm ecosystem in September 2025, where an infostealer with worm-like characteristics, dubbed **Shai-Hulud**, compromised over 500 npm packages. The attack leveraged a previous compromise of the `s1ngularity/nx` project, exploiting CI/CD pipeline credentials and propagating through both direct and indirect dependencies. Security researchers confirmed that attackers exfiltrated GitHub and npm tokens, enabling them to inject malicious code into widely used packages and potentially access internal networks, move laterally, or tamper with software releases. The incident highlighted the persistent risks associated with CI/CD pipeline security, as attackers exploited overlooked access to secrets such as API keys and deployment tokens. The scale of the attack forced engineering and security teams worldwide to spend significant resources cleaning compromised environments and assessing exposure, even though the direct financial impact was limited. The event underscored the need for enhanced runtime security monitoring, such as eBPF-based sensors, and stricter controls on package publishing and consumption to defend against similar threats in the future.
Mar 21, 2026