Shai-Hulud Supply-Chain Attack: Multi-Wave npm Compromise Allows Automated Credential Theft and Worm-Style Propagation

December 4th, 2025

High

Our Cyber Threat Intelligence Unit is monitoring an escalating supply-chain compromise in the npm ecosystem, codenamed Shai-Hulud. The first wave, observed in mid-September 2025, compromised over 500 npm packages, including several CrowdStrike-scoped packages, by injecting a worm into npm lifecycle scripts to harvest developer, CI/CD, and cloud credentials. A second wave, referred to as “Shai-Hulud: The Second Coming,” emerged in late November and infected nearly 500 additional npm packages across major vendors, including Zapier, ENS Domains, AsyncAPI, PostHog, and Postman. According to vendor reporting, this wave indirectly exposed approximately 26k–28k GitHub repositories. The updated variant uses TruffleHog for automated credential discovery, validates stolen tokens through live API calls, exfiltrates secrets to newly created attacker-controlled GitHub repositories, and rapidly republishes trojanized npm packages via compromised maintainer accounts.  

Technical Details

  • Attack Type: Supply-chain compromise utilizing a self-replicating worm embedded in npm lifecycle scripts.

  • Severity: High.

  • Delivery Method: Compromised or impersonated maintainer accounts used to publish tampered npm packages across Zapier, ENS, AsyncAPI, PostHog, and Postman ecosystems.

  • Attack Chain & Techniques:

    • Compromised Maintainer Accounts: Adversaries obtain npm maintainer credentials and publish tampered package versions containing worm components.

    • Lifecycle Script Abuse:

      • Wave 1: Worm injected into postinstall scripts.

      • Wave 2 (2.0 variant): Worm deployed via preinstall scripts, which run during package installation in developer, CI, or cloud-build environments.

    • Malicious Scripts Included:

      • setup_bun.js: Loader that installs the Bun runtime if absent.

      • bun_environment.js: A large (~10 MB) obfuscated payload responsible for credential harvesting, token validation, exfiltration, and self-propagation.

    • Automated Secret Harvesting: The worm downloads and executes TruffleHog to identify tokens, environment variables, and cloud keys, including GitHub PATs, npm tokens, AWS/GCP/Azure credentials, and CI/CD runner secrets.

    • Token Validation & Exfiltration: Stolen tokens are validated with live API calls, then uploaded to newly created attacker-controlled GitHub repositories, often with descriptions such as “Sha1-Hulud: The Second Coming.”

      • Cross-victim exfiltration occurs when confidential data from one organization ends up stored in repositories belonging to another compromised victim.

    • Worm-Style Self-Propagation: With validated credentials, the worm authenticates as legitimate maintainers, trojanizes additional packages, and publishes up to ~100 malicious versions per compromised account.

      • This resulted in indirect exposure of approximately 26k–28k GitHub repositories.

    • Dropped Files & Helper Scripts: During execution, several temporary artifacts appear on affected systems, such as:

      • /tmp/processor.sh

      • /tmp/migrate-repos.sh

      • Obfuscated bundles (bundle.js)

    • Destructive Fallback Behavior: If the worm cannot exfiltrate credentials or propagate, it attempts a destructive wipe of the user’s home directory using platform-specific deletion commands.

  • Components Affected:

Impact

  • Development and Build Environment Exposure: Compromise of developer machines, CI runners, and cloud-connected builds allows credential theft and automated package tampering.

  • Persistent Unauthorized Access: Stolen GitHub, npm, and cloud credentials allow long-term access even after malicious packages are removed.

  • Supply Chain Propagation: The worm automatically republished malicious npm packages through compromised maintainer accounts, impacting thousands of downstream dependencies.

  • Cross-Organization Credential Leakage: Credentials from one organization may be inadvertently exposed in repositories associated with other, unrelated entities.

  • Pipeline Integrity Risks: Lifecycle scripts executed during build phases can result in modification of workflows, GitHub Actions, build steps, and automation processes.

  • Downstream Organizational Exposure: Organizations using impacted packages may experience repository compromise, cloud access issues, credential theft, or lateral movement.

Detection Method

Organizations should review indicators across GitHub, npm, CI/CD, and developer endpoints:

  • Lifecycle Script Abuse:

    • Unexpected preinstall or postinstall script execution during npm install.

    • Downloads of:

      • setup_bun.js

      • bun_environment.js

      • Obfuscated bundle.js

  • GitHub Repository & Token Activity:

    • Unauthorized creation of new PATs or OAuth tokens

    • New repositories with names/descriptions including:

      • “Shai-Hulud” (Wave 1)

      • “-migration” or “Shai-Hulud Migration” (Wave 1)

      • “Sha1-Hulud: The Second Coming.” (Wave 2)

    • Appearance of .github/workflows/discussion.yaml or other unapproved workflows.

  • CI/CD Runner Indicators:

    • Execution of TruffleHog without authorization

    • Suspicious curl/wget calls

    • Scripts dropped into /tmp/*repos.sh

  • Cloud Provider Logs:

    • Unusual GitHub or npm token usage patterns originating from build systems

    • Sudden outbound traffic during package installation or build phases

  • Package Integrity Issues:

    • Unannounced package updates

    • Mass republishing from accounts that rarely publish

    • Dependency changes uncovered via SBOM or integrity-scanning tools

Indicators of Compromise

Type     Indicator

Domain   lud-sync[.]xyz
         package-sync[.]top
         github-data-sync[.]app
         npm-migrate[.]tech
         repo-migration[.]xyz

URL      https[:]//registry[.]npmjs[.]org
         https[:]//bun[.]sh/

Hash     a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a
         62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0
         c723605455e8667a4c84327cf6b704bbdcb9b4ce3707ddddd927d32b8372ff77
         2e44e8d8a8e906fd5bfbb37be08dfe2dcf1ce41bd4ba726987ab516446dfb4f1
         fa7df9e9fc5390cc54e0086073fc9b3054087ffddf661bbc9f836b007fa25f20
         d66343059793800e72ef17690ce26492dc854c8513905778630ff1ed4e7a81b8
         981d3e2f5d7e26c93bd4b758ea722468900894fb2368db5f8399282e2414fe33
Recommendations

  • Immediate Actions:

    • Rotate all developer, GitHub, npm, CI/CD, and cloud credentials used during builds or package installation.

    • Revoke all classic npm tokens and adopt scoped or trusted-publishing tokens.

    • Audit all dependencies, especially packages related to Zapier, ENS Domains, AsyncAPI, PostHog, and Postman.

    • Remove unauthorized GitHub repos, workflows, or suspicious new PATs.

  • Pipeline & Build Hardening:

    • Disable npm lifecycle scripts (postinstall/preinstall) in CI environments.

    • Restrict outbound network access during builds to trusted domains.

    • Enforce mandatory MFA for GitHub, npm, and cloud accounts.

    • Use supply-chain security tools such as Safe-Chain, Socket.dev, and Snyk to detect suspicious package modifications.

  • Long-Term Supply-Chain Governance:

    • Pin and verify package versions using lockfiles, provenance, or package signing.

    • Continuously monitor for unapproved workflow modifications, anomalous publish behavior, or dependency tampering.

    • Adopt strong maintainer hygiene: MFA, scoped tokens, and trusted publishing.

Conclusion

The Shai-Hulud incident illustrates how quickly modern supply-chain intrusions can escalate when attackers weaponize trusted package ecosystems. By chaining stolen maintainer credentials with automated secret harvesting and worm-style propagation, adversaries compromised developers, CI/CD systems, and thousands of downstream repositories in a matter of days. To mitigate the associated risks, we urge organizations to act promptly: rotate credentials immediately, harden build pipelines, and audit dependencies fully. Long-term resilience depends on stronger maintainer security, strict workflow governance, and continuous visibility into package integrity across all development and deployment environments.