Second Wave of Sha1-Hulud Attacks Hits NPM Packages, Security Experts Warn

The npm ecosystem is facing a renewed cybersecurity threat as multiple security vendors alert developers to a second wave of attacks echoing the infamous Shai-Hulud compromise from September 2025. This new campaign, dubbed Sha1-Hulud, is rapidly targeting hundreds of npm packages, employing sophisticated techniques that put developers’ credentials, cloud secrets, and even local file systems at risk. The threat highlights an evolving strategy in supply-chain attacks, blending credential theft with destructive capabilities when exfiltration fails.

Surge in NPM Supply Chain Attacks

Security firms including Aikido, HelixGuard, Koi Security, Socket, and Wiz have reported that Sha1-Hulud has compromised numerous npm packages by introducing malicious code during the preinstall phase. This approach significantly broadens exposure, affecting both build and runtime environments. The attack mirrors the original Shai-Hulud campaign, which focused on harvesting secrets via TruffleHog and self-propagation through compromised maintainer accounts.

The malware leverages a preinstall script named setup_bun.js in the package.json file. This script stealthily installs the Bun runtime and executes bun_environment.js, a malicious payload with dual workflows. The first workflow registers the infected machine as a self-hosted GitHub runner named “SHA1HULUD,” injecting a workflow file (.github/workflows/discussion.yaml) that enables arbitrary command execution. The second workflow focuses on exfiltrating secrets defined in GitHub repositories, which are uploaded as artifacts and subsequently deleted to conceal traces of the attack.

HelixGuard reports that the malware scans local machines with TruffleHog, stealing critical credentials including NPM tokens, cloud provider secrets (AWS, GCP, Azure), and environment variables. Wiz has identified over 25,000 affected repositories across 350 unique users, with new repositories being infected at a rate of approximately 1,000 every 30 minutes in the last few hours.

Aggressive Destructive Measures

Unlike the first wave, the second wave introduces a punitive component. Koi Security warns that if the malware fails to authenticate to GitHub or obtain necessary tokens, it triggers a wiper function, destroying all writable files in the user’s home directory. This escalation marks a shift from mere data theft to targeted sabotage, dramatically increasing the potential damage to affected systems. Security researchers Yuval Ronen and Idan Dardikman emphasize that this represents a significant tactical evolution by the threat actors.

Organizations are advised to urgently review all npm packages, remove compromised versions, rotate credentials, and audit GitHub workflows for suspicious activity. Indicators include a shai-hulud-workflow.yml file or other unusual branches that could point to persistence mechanisms.

What Undercode Say:

The Sha1-Hulud resurgence represents a concerning trend in supply-chain attacks, highlighting the evolving sophistication of threat actors within developer ecosystems. By leveraging preinstall scripts, attackers are able to execute malicious actions before developers even have visibility into compromised packages. This tactic exploits trust in legitimate npm packages, amplifying potential damage across diverse projects and organizations.

The inclusion of a destructive fallback—wiping local directories if credential theft fails—is a significant escalation in tactics. It indicates that threat actors are prepared to cause maximum disruption, rather than solely harvesting information. This shift underscores the need for proactive, multi-layered defense strategies that include dependency monitoring, real-time scanning of preinstall scripts, and rigorous audit protocols for CI/CD workflows.

The rapid infection rate reported by Wiz—1,000 new repositories every 30 minutes—demonstrates how quickly supply-chain compromises can proliferate in open-source ecosystems. This emphasizes the importance of automated monitoring and immediate remediation, as manual responses alone are insufficient against the speed and scale of modern attacks.

Sha1-Hulud also exemplifies the intersection of cloud and local attack vectors. By combining GitHub runner exploitation, cloud secret exfiltration, and local environment scanning, attackers are creating a hybrid threat landscape that requires defenders to consider security beyond traditional perimeter defenses. Organizations relying heavily on automated deployments and package dependencies are particularly vulnerable.

Moreover, this incident sheds light on the ongoing challenges in open-source governance. The trust placed in package maintainers and the open nature of npm repositories creates a persistent attack surface that is difficult to fully secure. The recurring references to Shai-Hulud naming and tradecraft may also indicate that these attacks are carried out by sophisticated actors with knowledge of prior compromises, signaling potential ongoing campaigns rather than isolated incidents.

For developers, the implications are stark: every dependency introduces risk. Strict validation of packages, careful auditing of preinstall scripts, and minimal reliance on unnecessary packages can reduce exposure. Beyond that, organizations should adopt granular permission models for cloud credentials, implement rotation schedules, and segregate sensitive projects to contain potential breaches.

Sha1-Hulud’s destructive capacity raises ethical and operational questions for incident response teams. Preparing for wiper scenarios is uncommon in npm-related attacks, yet the current campaign necessitates contingency planning for both data recovery and operational continuity. Security teams should ensure that backup systems are isolated and validated to survive such destructive payloads.

The psychological impact on the developer community cannot be underestimated. Supply-chain attacks of this magnitude can erode trust in open-source ecosystems, potentially slowing adoption of crucial libraries and frameworks. Transparency from security researchers and proactive community alerts will be essential in maintaining confidence and mitigating cascading effects.

This campaign reinforces a larger trend: attackers are increasingly blending espionage and sabotage. The dual objectives of credential theft and punitive destruction reflect a strategic evolution, transforming what was once primarily opportunistic cybercrime into a more deliberate, high-impact threat.

Fact Checker Results:

✅ Reports of Sha1-Hulud targeting npm packages confirmed by multiple security vendors.

✅ Over 25,000 repositories affected, spanning 350 unique users.

❌ No evidence yet of widespread public data breach; most information remains contained within developer environments.

Prediction

The Sha1-Hulud campaign is likely to inspire imitators targeting other open-source ecosystems, such as PyPI or RubyGems. 🔥 Expect a surge in automated monitoring tools and stricter CI/CD security policies. Organizations that delay remediation will face increased risk of both credential theft and destructive payloads, signaling a new era of aggressive supply-chain attacks. Enhanced dependency vetting and preinstall script auditing will become standard practice across developer communities.


References:

Reported By: thehackernews.com

