The npm ecosystem is once again at the center of a major supply-chain security incident. A new wave of malicious activity – referred to as Shai-Hulud 2.0 – has been identified by Wiz researchers Hila Ramati, Merav Bar, Gal Benmocha, and Gili Tikochinski. Their investigation uncovered an extensive and ongoing campaign compromising thousands of GitHub repositories and hundreds of npm package versions.

This post provides a concise overview of the incident, outlines immediate response steps, and details how Sweet Security enhances organizational resilience against supply-chain threats of this nature.

Overview of the Shai-Hulud 2.0 Campaign

The Shai-Hulud 2.0 activity represents a renewed and expanded iteration of a prior npm supply-chain attack. According to research findings, attackers compromised maintainer accounts and used them to publish trojanized versions of legitimate npm packages. These packages included malicious lifecycle scripts – typically executed during the preinstall phase – enabling code execution during package installation across developer workstations, build pipelines, and CI/CD systems.

Key technical observations include:

• Scale of compromise: More than 25,000 GitHub repositories and over 700 malicious npm package versions have been identified so far.
  
• Propagation method: The malware automatically exfiltrates credentials, creates new repositories containing stolen data, and uses the access it obtained to GitHub in order to publish additional compromised package versions – enabling sustained, worm-like propagation.
  
• Credential theft and persistence: Sensitive credentials (GitHub PATs, npm tokens, cloud IAM keys) are harvested and used to maintain persistent access by adding GitHub Actions workflows or modifying repositories.
  
• Execution environment impact: Because execution occurs during dependency installation, any environment performing npm installs – from local developer machines to CI/CD platforms – is within scope.
  

Collectively, these characteristics make Shai-Hulud 2.0 a high-impact, multi-stage supply-chain threat.

Why the Incident Matters

The nature of this campaign has several implications for security teams:

• Breadth of exposure: Even organizations without a direct dependency on the compromised packages may be affected through transitive dependencies.
  
• Developer and CI/CD risk: Installation-time execution expands the attack surface beyond application runtime, targeting the tooling and automation layers that underpin software delivery.
  
• Compounding effects: Once a maintainer account is compromised, all published packages – and their entire downstream ecosystems – become part of the propagation chain.
  
• Long-term access: The addition of unauthorized workflows and repositories introduces persistence mechanisms that can remain undetected without targeted monitoring.
  

Given these factors, timely detection and response is essential.

Immediate Recommended Actions

Organizations using npm should take the following steps:

1. Audit Dependencies
   Review recently updated packages – including transitive dependencies – especially versions published after late November 2025. Pin or revert to known-good versions where possible.
   
2. Reset Local and CI Environments
   Clear npm caches, remove node_modules, and reinstall dependencies from clean sources. Investigate any unexpected artifacts (e.g., injected JavaScript files or unfamiliar scripts).
   
3. Rotate Credentials
   Revoke and reissue developer tokens, GitHub PATs, npm tokens, and cloud credentials. Enforce multi-factor authentication on accounts with repository publishing or administrative permissions.
   
4. Inspect GitHub and CI/CD Pipelines
   Look for newly created repositories associated with the attack, suspicious or recently added workflows under .github/workflows, and unexpected automation triggers.
   
5. Harden Build Pipelines
   Restrict npm lifecycle script execution in CI. Limit outbound network access from build agents. Ensure short-lived, scoped automation tokens are used.
   

These actions reduce both the likelihood of ongoing compromise and the potential impact of persistence mechanisms currently deployed in the wild.

How Sweet Security Strengthens Supply-Chain Defense

Incidents like Shai-Hulud 2.0 highlight the limitations of relying solely on static dependency analysis or build-time controls. Sweet Security provides runtime-level visibility and execution-based validation, enabling organizations to detect and respond to malicious package activity with significantly greater precision.

Runtime Library Execution Visibility

Sweet Security’s sensor identifies exactly which libraries and binaries are loaded into memory and executed on CPU. This allows security teams to distinguish between installed dependencies and those actually running in production – critical for prioritizing real exposure during a supply-chain incident.

Detection of Malicious Execution Behavior

Because Shai-Hulud-related payloads interact with credential files, make unusual network calls, or attempt to modify repositories, our runtime monitoring detects anomalous access patterns and execution behaviors indicative of compromise.

CI/CD Integration for Pre-Execution Controls

Sweet Security surfaces and analyzes lifecycle scripts and dependency behaviors before code is deployed. This adds an additional layer of protection against malicious package versions entering production systems.

Exposure Mapping Across the Environment

By correlating runtime execution with known malicious package signatures or behaviors, our platform identifies which workloads are materially exposed, helping teams triage and remediate efficiently.

In short, Sweet Security provides the visibility needed to understand whether a malicious library is merely present – or actively executing.

Conclusion

Shai-Hulud 2.0 serves as a clear example of how modern supply-chain threats can infiltrate software ecosystems at scale, using automation and developer workflows to propagate rapidly and persistently. Addressing this class of threat requires both immediate incident response and longer-term architectural controls.

With the combination of dependency review, credential hygiene, pipeline hardening, and runtime-focused monitoring, organizations can significantly limit their exposure. Sweet Security’s execution-based visibility provides a decisive advantage in identifying actual risk and reducing the time between detection and remediation.

Ready to see this in action? Book a demo today to see your true runtime risk.