Software Supply-Chain Attacks Abusing GitHub and npm Dependency Mechanisms
Security researchers reported two distinct software supply-chain abuse paths that can make malicious code appear to originate from trusted sources. GMO Cybersecurity by Ierae described an active campaign dubbed “repo squatting” that abuses how GitHub renders and links commits from forks: because a fork and its upstream share one object store (the fork network), a commit pushed only to an attacker-controlled fork is still served under the upstream project’s URL structure, so a link of the form github.com/<official-org>/<repo>/commit/<hash> appears to belong to the official repository even though no upstream branch or tag contains that commit. The campaign targeted the GitHub Desktop project by distributing a trojanized installer carrying HijackLoader, with the malicious download link presented so that users and some security tooling could be misled into believing it came from the official repo. The practical check is reachability, not the URL: a commit belongs to upstream only if one of upstream’s branches or tags contains it.
Separately, Koi researchers disclosed weaknesses dubbed PackageGate in JavaScript dependency tooling that bypass npm’s post–Shai-Hulud mitigations when installing Git-based dependencies. They reported that an .npmrc file shipped inside a Git dependency can override the path of the git binary the package manager invokes (npm’s git configuration setting), so the tool runs an attacker-supplied executable from the checkout in the course of installing the dependency; because this is not a lifecycle script, disabling scripts (e.g., --ignore-scripts=true) does not prevent it. Multiple tools were affected, including pnpm, vlt, Bun, and npm. Vendors reportedly fixed the non-npm tools, while npm closed the report as “works as expected,” and the researchers cited prior proof-of-concept abuse (e.g., a reverse shell) as evidence of practical exploitation risk for organizations that consume Git dependencies in CI/CD and developer environments.
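As an added example (not code from GMO Cybersecurity by Ierae, GitHub, or the GitHub Desktop project), the following POSIX shell functions implement the reachability check described above: they parse a github.com commit URL, fetch only the upstream’s branches and tags into a scratch clone, and report whether any of those refs contains the commit. A fork-only commit is never fetched this way, so it is reported as suspect no matter how the URL reads. The example-org/example-repo names and any repositories the caller points it at are constructed.

```shell
#!/bin/sh
# Added example: verify that a github.com/<org>/<repo>/commit/<sha> link points at a commit
# that upstream actually ships. GitHub renders any commit in the fork network under the
# upstream URL, so the URL proves nothing; reachability from an upstream ref does.
# Not code from any of the parties named in the story; the example-org/example-repo slug
# is a constructed placeholder.

# parse_commit_url URL -> prints "<org>/<repo> <sha>"; fails for anything that is not a commit URL.
parse_commit_url() {
  rest=${1#https://github.com/}
  [ "$rest" != "$1" ] || return 1
  org=${rest%%/*};  rest=${rest#*/}
  repo=${rest%%/*}; rest=${rest#*/}
  [ "${rest%%/*}" = "commit" ] || return 1
  sha=${rest#commit/}
  sha=${sha%%[!0-9a-fA-F]*}        # keep the leading hex run only (drops ?diff=..., #fragments)
  [ ${#sha} -ge 7 ] || return 1
  printf '%s/%s %s\n' "$org" "$repo" "$sha"
}

# is_commit_in_upstream UPSTREAM SHA -> 0 if a branch or tag of UPSTREAM contains SHA, 1 if not,
# 2 on fetch failure. UPSTREAM is any URL or path git can fetch from. Only ref-reachable
# objects are fetched, so a fork-only commit is simply absent from the scratch clone.
is_commit_in_upstream() {
  upstream=$1; sha=$2
  scratch=$(mktemp -d) || return 2
  git -C "$scratch" init -q
  git -C "$scratch" fetch -q "$upstream" \
      '+refs/heads/*:refs/remotes/upstream/*' '+refs/tags/*:refs/tags/*' \
      || { rm -rf "$scratch"; return 2; }
  rc=1
  if git -C "$scratch" cat-file -e "$sha^{commit}" 2>/dev/null; then
    hits=$(git -C "$scratch" for-each-ref --contains "$sha" refs/remotes/upstream refs/tags)
    [ -n "$hits" ] && rc=0
  fi
  rm -rf "$scratch"
  return $rc
}

# check_commit_url URL -> human-readable verdict; exit 0 only when the commit is on an upstream ref.
check_commit_url() {
  parsed=$(parse_commit_url "$1") || { echo "not a github.com commit URL: $1" >&2; return 2; }
  slug=${parsed%% *}; sha=${parsed##* }
  if is_commit_in_upstream "https://github.com/$slug.git" "$sha"; then
    echo "OK: $sha is reachable from a branch or tag of $slug"
  else
    echo "SUSPECT: $sha is on no branch or tag of $slug (fork-only or dangling commit)"
    return 1
  fi
}

# Usage: check_commit_url https://github.com/example-org/example-repo/commit/<sha>
```

The check deliberately fetches by ref rather than by SHA: asking the upstream remote for the SHA directly can succeed for objects that are only in the fork network, which is exactly the ambiguity the campaign exploits. Run it from a pipeline step or a pre-download hook wherever a commit URL is used as evidence that an artifact is official.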

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
GitHub says it is working on npm PackageGate protections
GitHub told BleepingComputer it is working to address the npm-related issue and is actively scanning the npm registry for malware. It also recommended trusted publishing, granular access tokens, and enforced two-factor authentication to strengthen supply-chain security.
pnpm, vlt, and Bun ship fixes for PackageGate issues
Following Koi’s disclosure, Bun, vlt, and pnpm addressed the reported PackageGate problems, with pnpm assigning two CVEs to its fixes. npm did not issue a fix at that time and reportedly closed the report as “works as expected.”
Koi reports PackageGate flaws to JavaScript tool vendors
Researchers at Koi disclosed a set of weaknesses dubbed PackageGate affecting JavaScript dependency tools including pnpm, vlt, Bun, and npm. The flaws allowed Git-based dependencies and malicious configuration such as .npmrc to bypass protections like --ignore-scripts=true and achieve code execution.
GitHub repo-squatting issue remains reproducible
Researchers said the repository URL spoofing behavior was still reproducible months after disclosure, indicating the underlying issue had not been fully addressed. They specifically confirmed this status as of late December 2025.
Repo-squatting campaign targets GitHub Desktop users
During September and October 2025, threat actors abused the commit URL rendering quirk to distribute a trojanized installer masquerading as part of the official GitHub Desktop repository. The payload delivered was identified as HijackLoader.
GitHub is notified of repo-squatting commit URL abuse
GMO Cybersecurity by Ierae, Inc. reported to GitHub that attackers could abuse fork and commit URL rendering to make malicious commits appear to belong to an upstream official repository. GitHub acknowledged that it was aware of the issue at the time of the report.