Self-Spreading Shai-Hulud Malware Compromises 180+ npm Packages
A large-scale npm supply-chain attack dubbed Shai-Hulud compromised more than 180 packages, with reports placing the total at 187 affected packages and describing it as one of the most severe npm ecosystem breaches to date. Researchers said the malware was self-spreading, allowing it to propagate from one compromised package to others, dramatically expanding the blast radius beyond the initially identified set of roughly 40 packages. The campaign affected widely used JavaScript dependencies and raised concern that malicious code could be pulled into downstream builds and production environments through routine package installation and update workflows.
Reporting linked the incident to high-profile package ecosystems and said the fallout touched organizations and projects including CrowdStrike and the popular color library tinycolor, underscoring the risk to both enterprise software pipelines and open-source consumers. Security coverage described the operation as a major software supply-chain compromise in which trusted packages were altered and then redistributed through npm, creating a path for malware to spread through developer environments and CI/CD systems. The incident prompted urgent calls for maintainers and defenders to identify affected dependencies, review package provenance, and rotate credentials or rebuild environments where compromised packages may have executed.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Technical analysis describes self-spreading malware behavior
Researchers reported that the npm supply-chain attack involved self-propagating malware capable of compromising additional packages, indicating the incident was not limited to isolated package takeovers. Public write-ups characterized the malware's propagation as a major escalation in npm ecosystem risk.
Researchers link the npm campaign to major downstream impact
Security reporting identified the Shai-Hulud npm compromise as affecting hundreds of popular packages and noted downstream exposure for organizations including CrowdStrike through impacted dependencies such as tinycolor-related packages. This marked a broader understanding of the campaign's ecosystem-wide reach.
Shai-Hulud compromises dozens of npm packages
A supply-chain attack attributed to malware dubbed Shai-Hulud compromised more than 40 npm packages, with later reporting putting the total at roughly 180-187 affected packages. The campaign spread through package maintainer environments and malicious package updates published to npm.
Sources
3 references tracked. Mallory keeps watching after this page renders.
NPM Supply Chain Attack: 187 Packages Compromised by Self-Spreading Malware
mend.io
Open source180+ NPM Packages Hit in Major Supply Chain Attack | OX Security NPM Supply Chain Hack: 40+ Packages Compromised Shai-Hulud,
ox.security
Open sourceLive Updates: Shai-Hulud, The Most Dangerous NPM Breach In History Affecting CrowdStrike and Hundreds of Popular Packages
koi.ai
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Shai-Hulud Worm and Related Malicious NPM Package Attacks Targeting Software Supply Chains
A large-scale supply chain attack has targeted the Node Package Manager (NPM) ecosystem, compromising hundreds of widely used JavaScript packages and threatening the security of software development pipelines globally. In mid-September, cybersecurity researchers identified a self-propagating malware dubbed "Shai-Hulud," which was distributed through trojanized NPM packages, including some with millions of weekly downloads and high-profile packages such as those from CrowdStrike. The attack leveraged a malicious "bundle.js" script that downloaded and executed TruffleHog, a legitimate credential scanner, to harvest developer and CI/CD tokens, cloud service credentials, and environment variables from compromised systems. The stolen credentials were exfiltrated via hard-coded webhooks and GitHub Actions workflows, enabling the attacker to further propagate the malware and gain unauthorized access to sensitive resources. The campaign affected both Windows and Linux systems, increasing its reach and impact across diverse development environments. Sysdig reported that the attack on September 15 involved approximately 200 compromised packages, including @ctrl/tinycolor, and was linked to an attacker who had previously targeted Nx packages in late August. The worm not only stole secrets but also published them publicly on GitHub and attempted to make victim repositories public, amplifying the risk of further compromise. Earlier in the month, other popular packages such as chalk, debug, and duck were also compromised following a successful spear phishing attack against a maintainer, with the attacker seeking to redirect cryptocurrency payments. NPM responded by removing the malicious package versions, but users were required to update or revert to secure versions to mitigate the risk. Sysdig provided same-day threat intelligence and detection capabilities to its customers, including open source Falco rules to identify and respond to the threat. The attack demonstrated the vulnerability of even the most trusted and widely used open source packages, highlighting the importance of continuous monitoring and rapid response in the software supply chain. Security researchers and vendors emphasized the need for organizations to scan their environments for known malicious packages, such as dist.fezbox.cjs, and to review logs for signs of credential exfiltration. The incident underscored the evolving tactics of threat actors targeting developer ecosystems, using advanced techniques to automate propagation and maximize impact. Organizations relying on NPM packages and CI/CD pipelines were urged to remain vigilant, update dependencies promptly, and leverage threat intelligence resources to defend against similar attacks. The Shai-Hulud campaign remains an evolving threat, with ongoing analysis and mitigation efforts by the security community. This incident serves as a stark reminder that popularity and trust in open source packages do not guarantee safety, and proactive security measures are essential to protect software supply chains from compromise.
Mar 21, 2026
Shai-Hulud npm Worm Expanded Into Cross-Ecosystem Supply Chain Attacks
A supply-chain malware campaign known as **Shai-Hulud** compromised hundreds of packages in the npm ecosystem and later spread into both npm and PyPI, using stolen maintainer credentials and trusted publishing workflows to push trojanized releases. Early reporting said the worm affected more than 500 npm packages, searched infected developer and CI/CD environments for GitHub Personal Access Tokens, cloud API keys, and other secrets, and exfiltrated them to attacker-controlled infrastructure and public GitHub repositories. GitHub removed hundreds of malicious packages, while CISA urged organizations to review dependencies, check for cached malicious packages, rotate credentials, and enforce phishing-resistant MFA for developer accounts. Later waves became more aggressive and broader in scope. Researchers said a second campaign hit hundreds more npm packages and had a blast radius exceeding **27,000 repositories**, abusing `preinstall` and other lifecycle hooks to steal secrets, hijack GitHub Actions, self-propagate into additional packages, and in some cases deploy a conditional wiper-like payload. A subsequent **Mini Shai-Hulud** wave affected more than 170 packages across npm and PyPI, including packages tied to TanStack, Mistral AI, OpenSearch, Guardrails AI, UiPath, and others; it used files such as `router_init.js`, invoked Bun through malicious package scripts, targeted npm, GitHub, cloud, Kubernetes, Vault, and CI/CD credentials, and demonstrated that provenance and OIDC-based trusted publishing can still be abused when attacker-controlled code runs inside legitimate release workflows.
May 25, 2026
Shai-Hulud Malware Supply Chain Attack on NPM Packages Targeting Zapier and ENS Domains
A new variant of the Shai-Hulud malware, dubbed "Sha1-Hulud: The Second Coming," has compromised over 70 npm packages, including those associated with Zapier and ENS Domains. The attack involves malicious code that steals developer credentials and publicly exposes them by creating thousands of GitHub repositories labeled with the campaign's name. This incident represents a significant escalation in supply chain attacks within the JavaScript ecosystem, with the malware demonstrating advanced self-propagation capabilities and surpassing the impact of previous Shai-Hulud campaigns within hours of detection. Security researchers have urged immediate action for developers and organizations using npm packages, recommending checks for compromised package versions, auditing of GitHub accounts for unauthorized repositories, and remediation steps such as removing affected `node_modules` directories and clearing npm caches. The attack highlights the ongoing risks posed by supply chain threats in open-source ecosystems and the need for vigilant monitoring and rapid response to emerging malware campaigns.
May 12, 2026