Self-propagating npm supply-chain attack hits at least 187 packages in ‘Shai-Hulud’ worm

Security researchers have identified a self-propagating supply-chain attack targeting npm, the world’s largest JavaScript package registry. The campaign, nicknamed ‘Shai-Hulud,’ has compromised at least 187 npm packages after starting with the popular @ctrl/tinycolor package, which garners more than two million weekly downloads, according to industry observers. Daniel Pereira’s LinkedIn post warned the community about the threat and cautioned users not to install the latest versions of the package.

The worm-like campaign has since expanded beyond tinycolor into packages published under CrowdStrike’s npm namespace, including the crowdstrike-publisher account. CrowdStrike said it swiftly removed malicious packages from public registries and rotated keys in public registries; the company stressed that the affected packages are not used in the Falcon sensor and that customers remain protected.

Researchers at the security firms Socket and Aikido identified the compromised set. Socket initially counted at least 40 compromised packages; further findings from Socket and Aikido have since brought the tally to at least 187.

The malicious code employs a self-propagating mechanism that targets other packages by the same maintainer. The malware downloads a target package, modifies its package.json, injects a bundle.js script, repacks the archive, and republishes it, enabling automatic trojanization of downstream packages, according to Socket researchers.

The bundle.js payload uses TruffleHog, a legitimate secret-scanning tool, to search the host for API keys, passwords and other credentials. The script then attempts to reuse developer and CI credentials, creates unauthorized GitHub Actions workflows, and exfiltrates the results to a hardcoded webhook endpoint.

Analysts note the campaign’s branding – Shai-Hulud – derives from a shai-hulud.yaml workflow used in compromised versions, a reference to the giant sandworms in Frank Herbert’s Dune series.

In a broader context, the attack follows other high-profile supply-chain incidents in recent weeks. Google has said the Gemini CLI source code was not compromised, though users who installed or updated the tool during the incident window may be affected, and remediation guidance is being provided.

Security and engineering teams are urged to audit environments and logs for signs of compromise, rotate all secrets and CI/CD tokens, and review dependency trees for malicious versions. Practitioners are advised to pin dependencies to trusted releases and to limit publishing credentials to reduce exposure to such package-level compromises.