NPM Supply Chain Crisis: Shai-Hulud 2.0 Attack Hits 25K Repos, Includes Destructive Sabotage
Malicious activity has once again surged within the npm ecosystem. This time, it is the second wave of the Shai-Hulud attack—an operation that mirrors the logic of the September campaign but unfolds with far greater aggression. The incident spread rapidly through the developer community, as attackers leveraged familiar delivery mechanisms: trusted packages and automated installation routines that quietly smuggle harmful code into otherwise legitimate workflows.
According to multiple supply-chain security firms—including Aikido, HelixGuard, Koi Security, Socket, Step Security, and Wiz—an unidentified group injected malicious modifications into hundreds of npm packages uploaded between 21 and 23 November 2025.
A preinstall hook embedded in the affected packages forces the system to silently install or probe for the Bun runtime, after which a concealed script executes and triggers subsequent stages. This pattern closely follows the previous attack, whose objective was the theft of developer secrets and the exfiltration of sensitive data to remote GitHub repositories.
During analysis, researchers discovered that the compromised packages register the local machine as an improvised runner named “SHA1HULUD.” The attacker then plants a workflow in the repository containing a command-injection vulnerability, enabling arbitrary code execution on the device. A separate step handles the extraction of confidential material: GitHub secrets are copied into a file named actionsSecrets.json, downloaded back onto the compromised system, and the traces of activity are wiped.
The malicious code also executes TruffleHog, using it to harvest npm tokens, cloud-platform keys, and other environmental secrets. The scale of the threat is underscored by Wiz’s assessment: more than 25,000 repositories have already been affected, with new projects compromised every half hour. Since the campaign spreads via compromised maintainer accounts, it poses a particularly grave danger to the open ecosystem.
One detail has caused particular alarm. As noted by Koi Security, when the malware fails to authenticate to GitHub or retrieve tokens, it shifts to destructive behavior, erasing the user’s home directory—including every writable file. This fallback trigger occurs only when authentication is impossible, yet its very presence signals a drastic escalation in attacker tactics: a progression from covert data theft to outright sabotage.
Researchers also identified a privilege-escalation mechanism: a privileged Docker container is created with the host’s root filesystem mounted inside it, allowing attackers to tamper with sudo configuration and gain passwordless access. Such a technique heightens the risk of long-term persistence and systemic manipulation.
Organizations are urged to immediately audit their environments for compromised packages, remove all suspicious versions, rotate all tokens, and review workflows within the .github directory for unexpected files or branches associated with the Sha1-Hulud family. These steps may help contain the spread of malicious activity while further details of the attack continue to emerge.
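The audit described above can be partly automated. The following is an added example, not code from the vendors named in this article: it walks a project tree and reports preinstall hooks in package.json files (rated "high" when the hook itself mentions Bun), workflow files under .github that reference the SHA1HULUD runner name, and any file named actionsSecrets.json. Only those three indicators come from the article; the function names, the "high"/"review" levels and the choice to list every preinstall hook for manual review are assumptions of this example.

```python
import json
import os
import re
import sys

# Indicators below come from the article; the heuristics are assumptions.
RUNNER_NAME = "SHA1HULUD"             # improvised self-hosted runner name
SECRETS_FILE = "actionsSecrets.json"  # file the GitHub secrets are copied to
BUN = re.compile(r"\bbun\b", re.I)    # matches "bun" but not "bundle"

def read(path):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()

def check_manifest(path):
    """Report any preinstall hook; 'high' if the hook itself mentions Bun."""
    try:
        hook = json.loads(read(path)).get("scripts", {}).get("preinstall")
        level = "high" if BUN.search(hook) else "review"
    except (OSError, ValueError, AttributeError, TypeError):
        return []  # unreadable, malformed, or no string preinstall hook
    return [(level, "preinstall hook: " + hook, path)]

def check_workflow(path):
    """Report a workflow file that references the runner name."""
    try:
        hit = RUNNER_NAME.lower() in read(path).lower()
    except OSError:
        return []
    return [("high", "references runner " + RUNNER_NAME, path)] if hit else []

def scan(root):
    """Walk root without following symlinks; return (level, reason, path)."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        in_github = ".github" in folder.split(os.sep)
        for name in files:
            path = os.path.join(folder, name)
            if name == "package.json":
                findings += check_manifest(path)
            elif name == SECRETS_FILE:
                findings.append(("high", "secrets dump file present", path))
            elif in_github and name.endswith((".yml", ".yaml")):
                findings += check_workflow(path)
    return sorted(findings)

if __name__ == "__main__":
    for level, reason, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"[{level}] {path}: {reason}")
```

Run it against a checked-out repository, including its node_modules directory. A clean result does not clear a project, since a hook can launch a script that fetches Bun without naming it, which is why every preinstall hook is listed for review.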