Shai-Hulud: The Self-Replicating npm Worm Stealing Secrets and Hijacking Pipelines

Tomer Filiba

CTO

September 17, 2025

A massive supply-chain attack is affecting npm packages: a self-replicating worm has trojanized dozens of packages (some very widely used), injecting malicious code that searches developers’ machines for secrets (e.g. GitHub tokens, AWS keys, NPM_TOKEN etc.), exfiltrates them, and even auto-publishes compromised downstream packages, spreading itself. Developers should immediately audit for any of the affected packages, rotate secrets, pull in clean versions, and consider runtime vulnerability / supply chain protection solutions like Sweet Security to detect and block these threats.

How the Attack Was Carried Out

Here’s how the attackers executed the compromise:

  1. Compromise of Maintainer / npm Account
    The starting point appears to be a malicious version of a package (rxnt-authentication) published by a maintainer account (techsupportrxnt) on npm on September 14, 2025.
  2. Insertion of Malicious Script
    The compromised packages include a function (NpmModule.updatePackage) that downloads a package tarball, modifies its package.json, injects a new script file (bundle.js), repackages everything, and republishes, thereby infecting others that depend on or maintain those packages.
  3. Self-replication (“worm-like”) Behavior
    The malicious code not only infects the original package, but also spreads: once a maintainer’s account is compromised, other packages they maintain are trojanized. That means downstream dependencies are at risk automatically.
  4. Credential Hunting & Exfiltration
    The injected script runs TruffleHog (a tool that scans for secrets like tokens) on the developer’s machine (Windows and Linux). It tries to pick up credentials (NPM_TOKEN, AWS keys, GitHub tokens etc.), validates them (e.g. via GitHub API), and exfiltrates them to a remote endpoint. It also attempts to write a GitHub Actions workflow into repositories so that future CI runs can pick up secrets/artefacts for exfiltration.
  5. Persistence & Pipeline Compromise
    Because the workflows are committed into /.github/workflows, future automated pipelines (CI/CD etc.) may trigger the malicious exfiltration or propagate more broadly. And by leveraging maintainer publishing rights, the worm can continuously infect more packages.
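
A defender-side check for the repackaging pattern in step 2, as an added example that is not code from the malware or from Sweet Security: it compares two releases of one package and flags an install-time script that was added or changed, especially when it runs a file that is new in the tarball. The package name, versions, file lists and the `node bundle.js` command are constructed assumptions; the post names bundle.js but does not say which script invokes it.

```javascript
// npm lifecycle hooks that run automatically when a dependency is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Compare two releases of one package. Each release is
// { manifest: <parsed package.json>, files: [paths inside the tarball] }.
function diffRelease(prev, next) {
  const findings = [];
  const oldFiles = new Set(prev.files);
  const addedFiles = next.files.filter((f) => !oldFiles.has(f));
  const oldScripts = prev.manifest.scripts || {};
  const newScripts = next.manifest.scripts || {};

  for (const hook of INSTALL_HOOKS) {
    const command = newScripts[hook];
    if (!command || command === oldScripts[hook]) continue; // absent or unchanged

    // Newly added files that the new or changed hook mentions by file name.
    const runsNewFile = addedFiles.filter((f) => command.includes(f.split("/").pop()));
    findings.push({
      hook,
      command,
      change: hook in oldScripts ? "modified" : "added",
      runsNewFile,
      // A hook that executes a file first seen in this release deserves a hold.
      severity: runsNewFile.length ? "high" : "review",
    });
  }
  return findings;
}

// Constructed sample: a patch release that gains bundle.js and a hook running it.
const previousRelease = {
  manifest: { name: "example-lib", version: "1.2.3", scripts: { test: "jest" } },
  files: ["package.json", "index.js"],
};
const suspectRelease = {
  manifest: {
    name: "example-lib",
    version: "1.2.4",
    scripts: { test: "jest", postinstall: "node bundle.js" }, // assumed hook
  },
  files: ["package.json", "index.js", "bundle.js"],
};

console.log(diffRelease(previousRelease, suspectRelease));
```
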

What Attackers Were Looking For

Principal goals of the adversary:

  • Secrets & Credentials: Tokens (GitHub, NPM), cloud credentials (AWS etc.) that enable further penetration, access to private code, manipulation of CI/CD, or other services.
  • Stealing Code / Repos: The malware appears to try to make the private repositories of compromised users public (adding a “-migration” suffix) in order to extract code or secrets hard-coded or stored there.
  • Ongoing Access / Persistence: By adding GitHub workflows, they ensure that even after the detection of a local infection, CI/CD pipelines become a vector for continuous exposure.
  • Spreading / Scaling Damage: Because the worm behavior infects other packages that maintainers control, the risk isn’t limited to immediately compromised packages. It can cascade through the ecosystem.

Affected Packages

As this event is still ongoing, the list of affected packages is not yet finalized. Estimates put it between 180 and 500. We continuously monitor our customers’ environments as new packages are reported.

How Sweet Security Can Help

Sweet Security focuses on runtime vulnerability management, which can help in several ways:

  1. Runtime Vulnerability Management
    Using a runtime sensor, Sweet can tell which packages are actually loaded and executed in your environment. This narrows down the number of vulnerabilities that actually need your immediate attention.
  2. Runtime Behavior Monitoring
    At runtime or during dev/test, detect suspicious behavior like the execution of scripts that try to access local credentials files, reach out to external endpoints with secrets, or write workflows dynamically.
  3. CI/CD Pipeline Scanning and Hardening
    Sweet’s CI/CD scanner integrates into CI/CD workflows and reviews packages during build or install time; it also blocks or requires review before those workflows can persist.
  4. Discovering Secrets in Code and
    Because attackers are trying to steal tokens and credentials, having good secrets hygiene (e.g. not embedding secrets, using ephemeral credentials, rotating them) is crucial. Monitoring for exposures and automatically rotating secrets can limit damage.
  5. Threat Intelligence & Ecosystem Alerts
    Sweet alerts when new supply chain incidents emerge and can quickly see which of your projects are exposed (direct or transitive dependency). Sweet then provides guidance on remediation (which versions are clean, what to upgrade to).

Summary

This npm supply chain attack, dubbed Shai-Hulud, represents a serious escalation in how dangerous malware can propagate in open source ecosystems. Because the malicious code both searches for secrets and repackages and republishes trojanized versions, the exposure is large and the risk ongoing. Here’s a short checklist of actions to be taken:

  • Immediately check if your projects depend (also transitively) on any of the compromised packages.
  • Rotate any exposed secrets (GitHub, npm, cloud credentials).
  • Upgrade to clean versions of compromised packages (once safe versions are published).
  • Audit environments (developer machines, CI systems), and look for suspicious GitHub workflows.
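
One way to run the first check in the list, as an added example that is not Sweet Security's tooling: it walks a parsed package-lock.json, in either the flat `packages` layout (lockfileVersion 2 and 3) or the nested `dependencies` tree (lockfileVersion 1), and reports every direct or transitive match against a blocklist. Only `rxnt-authentication` comes from this post; it is matched on name alone because the post gives no version numbers, and the sample lockfile, the `left-helper` package and all versions are constructed.

```javascript
// Blocklist: package name -> array of bad versions, or "*" for every version.
// Extend it from a published advisory list as more packages are reported.
const COMPROMISED = { "rxnt-authentication": "*" };

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; "" (root project) -> null.
function nameFromPath(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? null : key.slice(i + "node_modules/".length);
}

function isBad(name, version, blocklist) {
  const bad = blocklist[name];
  return bad === "*" || (Array.isArray(bad) && bad.includes(version));
}

// Returns [{ name, version, path }] for every hit, however deeply nested.
function findCompromised(lock, blocklist = COMPROMISED) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [key, meta] of Object.entries(lock.packages)) {
      const name = meta.name || nameFromPath(key); // meta.name is set for aliases
      if (name && isBad(name, meta.version, blocklist)) {
        hits.push({ name, version: meta.version, path: key });
      }
    }
    return hits;
  }
  // lockfileVersion 1: recurse through the nested dependency tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail.concat(name).join(" > ");
      if (isBad(name, meta.version, blocklist)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, trail.concat(name));
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile; for a real project, pass the parsed contents
// of package-lock.json instead.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": { version: "2.1.0" },
    "node_modules/left-helper/node_modules/rxnt-authentication": { version: "0.0.0-constructed" },
  },
};
console.log(findCompromised(sampleLock));
```
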

Sweet Security offers runtime vulnerability / supply chain protection which is becoming increasingly essential – it allows you not just to fix vulnerabilities after the fact but to detect, block, and remediate malicious behavior as it tries to infiltrate.
