Git dependencies can bypass npm ignore-scripts protections, researchers find

Researchers found that Git dependencies can be used to bypass the defenses npm users adopted against the 2025 Shai-Hulud attacks; the flaw affects multiple JavaScript package managers, and npm is the only major tool that has not applied a fix.

KEY FACTS

  • Incident: Git dependencies can override install behavior to execute code
  • Affected: pnpm, vlt, Bun and npm
  • Impact: code execution despite use of the --ignore-scripts flag
  • Status: vendors patched, except npm, which closed the report

A technical analysis by Koi Security found that when npm installs a dependency from a Git repository, configuration files shipped in that repository, such as a malicious .npmrc, can override the path to the git binary and lead to full code execution even when the --ignore-scripts setting is set to true.

The discovery follows the Shai-Hulud supply-chain attacks that first hit npm in mid-September 2025 and later returned in a larger wave; those incidents exposed hundreds of thousands of developer secrets across thousands of repositories.

Bun issued a patch in version 1.3.5, vlt patched within days, and pnpm released fixes for CVE-2025-69263 and CVE-2025-69264. npm closed the HackerOne submission and marked the behavior as “works as expected”.

GitHub is working to address the issue and is actively scanning the registry for malware; it encourages projects to adopt trusted publishing and granular access tokens with enforced two-factor authentication.

Mitigations listed in the report include disabling lifecycle scripts during installation with --ignore-scripts, enabling lockfile integrity checks, and pinning dependencies, though the Git-based bypass can defeat some of those controls.

WHY IT MATTERS

The issue shows that Git-based installs can undermine recommended hardening steps and that not all tooling has been updated, increasing risk to developers who rely on package manager flags for supply-chain defenses.