
CISA warns of Shai-Hulud worm, compromising 500+ npm packages.

CISA has issued an urgent security alert regarding a large-scale software supply chain attack on npmjs.com. A self-replicating worm, Shai-Hulud, has infiltrated over 500 npm packages, injecting malicious code. It spreads by abusing developer credentials and npm publish workflows, targeting sensitive tokens and API keys.


CISA has issued an urgent security alert in response to a large-scale software supply chain attack on npmjs.com, the world’s largest JavaScript package registry.

A self-replicating worm, dubbed Shai-Hulud, has infiltrated more than 500 npm packages and injected malicious code that aggressively spreads by abusing developer credentials and npm publish workflows.

Self-Replicating npm Supply Chain Threat

After securing initial access, presumably via a compromised maintainer account, Shai-Hulud deploys a sophisticated payload that scans for sensitive credentials stored in environment variables and local configuration files.

The malware targets GitHub Personal Access Tokens (PATs) and API keys for AWS, GCP, and Azure, exploiting common CI/CD practices where tokens are inadvertently persisted.

Once harvested, credentials are exfiltrated to an actor-controlled endpoint and simultaneously uploaded to a public GitHub repository named Shai-Hulud via the GitHub /user/repos API.

Shai-Hulud then uses an automated loop to authenticate to the npm registry with stolen tokens. Leveraging the npm CLI, it injects malicious JavaScript into the entry point file (often index.js) of other packages in the compromised developer’s dependency tree.

Following the injection, the worm executes 'npm version patch && npm publish --access public' to publish a trojanized version, thereby perpetuating its spread.

The worm’s self-replication mechanism exploits transitive dependencies: any project depending on one of the compromised packages can inadvertently become a new host.

Mitigations

CISA recommends immediate action to detect and remediate this compromise:

Examine all package-lock.json and yarn.lock files to identify packages released after September 16, 2025. Use npm audit and static analysis tools to flag unexpected code changes or additional postinstall scripts.

Rotate all developer credentials and revoke exposed GitHub PATs. Enforce phishing-resistant multi-factor authentication (MFA) on every developer account, particularly for GitHub and npm registry logins.

Implement IDS/IPS rules to monitor anomalous SSH and HTTPS connections. Block outbound traffic to known suspicious endpoints, including webhook.site domains, and audit firewall logs for unexpected DNS queries and egress to unfamiliar IP ranges.

Remove unnecessary GitHub Apps and OAuth permissions. Enable branch protection rules, secret scanning, and Dependabot security updates. Audit webhooks and repository-level secrets for unauthorized changes.

Pin dependencies to known safe versions published prior to September 16, 2025. Set strict semver ranges (e.g., "lodash": "4.17.21") in package.json to prevent inadvertent updates to compromised releases.
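The following is an added example, written for this page and not taken from CISA's alert or from any npm tooling, that turns three of the mitigations above into a check a defender can run against a project: it reads a package-lock.json (lockfileVersion 2 or 3, which keys every installed package under "packages" and marks packages that declare install hooks with hasInstallScript), flags packages whose version was published on or after the September 16, 2025 cutoff, lists packages with install scripts, and reports package.json entries that are not pinned to an exact version. The lockfile, package.json and publish timestamps below are constructed sample data; in practice the timestamps are populated from the output of `npm view <name> time --json`, which returns version-to-ISO-date mappings from the registry.

```javascript
// Added example (not from the CISA alert or the npm project). Audits a lockfile
// and package.json against the mitigations in the article. All data is constructed.

// Cutoff date taken from the article: packages released after this need review.
const CUTOFF = new Date("2025-09-16T00:00:00Z");

// Constructed sample package-lock.json (lockfileVersion 3). Real lockfiles set
// hasInstallScript: true on entries whose package.json declares install hooks.
const sampleLockfile = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { lodash: "^4.17.21", "left-pad": "1.3.0" } },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/left-pad": { version: "1.3.0", hasInstallScript: true },
    "node_modules/some-lib": { version: "2.0.1", hasInstallScript: true },
    "node_modules/@scope/util": { version: "0.4.2" },
  },
};

// Constructed publish timestamps, shaped like `npm view <name> time --json`.
// "some-lib" 2.0.1 is deliberately dated after the cutoff; "@scope/util" has
// no timestamp at all, which the audit also reports rather than silently passing.
const samplePublishTimes = {
  lodash: { "4.17.21": "2021-02-20T15:42:16.891Z" },
  "left-pad": { "1.3.0": "2018-04-04T22:30:00.000Z" },
  "some-lib": { "2.0.1": "2025-09-18T03:12:44.000Z" },
};

// Constructed package.json with one caret range and one exact version.
const samplePackageJson = {
  dependencies: { lodash: "^4.17.21", "left-pad": "1.3.0" },
  devDependencies: { "some-lib": "~2.0.1" },
};

// Flatten the lockfile "packages" map into {name, version, hasInstallScript}.
// The package name is whatever follows the last "node_modules/" segment, which
// handles both scoped (@scope/name) and nested (a/node_modules/b) entries.
function lockfilePackages(lockfile) {
  const marker = "node_modules/";
  return Object.entries(lockfile.packages || {})
    .filter(([path]) => path !== "")
    .map(([path, entry]) => ({
      path,
      name: entry.name || path.slice(path.lastIndexOf(marker) + marker.length),
      version: entry.version,
      hasInstallScript: Boolean(entry.hasInstallScript),
    }));
}

// Mitigation: identify packages released on or after the cutoff. A package with
// no known timestamp is reported too, so missing registry data cannot hide a hit.
function findPublishedAfter(lockfile, publishTimes, cutoff = CUTOFF) {
  const findings = [];
  for (const pkg of lockfilePackages(lockfile)) {
    const published = publishTimes[pkg.name] && publishTimes[pkg.name][pkg.version];
    if (!published) {
      findings.push({ ...pkg, reason: "no publish timestamp available" });
    } else if (new Date(published) >= cutoff) {
      findings.push({ ...pkg, published, reason: "published on or after cutoff" });
    }
  }
  return findings;
}

// Mitigation: surface packages with install scripts, which run at `npm install`.
function findInstallScripts(lockfile) {
  return lockfilePackages(lockfile).filter((p) => p.hasInstallScript);
}

// Mitigation: exact semver only (no ^, ~, ranges, tags or URLs) in package.json.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function findUnpinned(packageJson) {
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(packageJson[field] || {})) {
      if (!EXACT_VERSION.test(range)) out.push({ field, name, range });
    }
  }
  return out;
}

// Combine the three checks into one report object.
function auditProject(lockfile, packageJson, publishTimes, cutoff = CUTOFF) {
  return {
    publishedAfterCutoff: findPublishedAfter(lockfile, publishTimes, cutoff),
    installScripts: findInstallScripts(lockfile),
    unpinned: findUnpinned(packageJson),
  };
}

console.log(JSON.stringify(auditProject(sampleLockfile, samplePackageJson, samplePublishTimes), null, 2));
```

On the constructed data the report flags some-lib 2.0.1 (published two days after the cutoff) and @scope/util (no timestamp), lists left-pad and some-lib as carrying install scripts, and marks the lodash caret range and the some-lib tilde range as unpinned. Replacing the sample objects with the real files and the per-package output of `npm view <name> time --json` gives the same report for an actual project.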

Enhanced vigilance across the development pipeline is crucial to stem the worm’s propagation and safeguard the integrity of the npm ecosystem.