Shai-hulud npm Supply Chain Worm:
Executive Summary
On September 15–16, 2025, security researchers identified a new self-replicating malware campaign within the npm ecosystem,
codenamed “Shai-hulud.” This worm infected over 180 npm packages, many of which are widely integrated into modern
JavaScript and TypeScript projects. Once installed, the malware exfiltrates developer credentials, cloud provider tokens, and
other sensitive secrets, enabling attackers to compromise CI/CD pipelines, GitHub repositories, and cloud environments.
A self-replicating worm (“Shai-hulud”) is actively compromising npm packages and stealing cloud/dev tokens. At least 40
packages were initially flagged; subsequent analyses put the tally at 180+ infected packages, including popular libraries (e.g.,
@ctrl/tinycolor 4.1.1–4.1.2). Treat this as an ongoing incident and assume exposure if “latest” or range versions were installed since
Sept 15–16, 2025.
The attack is significant because:
- It leverages npm supply-chain trust to spread rapidly.
- It bypasses traditional endpoint defenses by running as part of standard package installation.
- It targets developer identities and tokens, creating downstream risk far beyond the infected system.
Requested developer actions (do these today):
- Pin exact versions (no carets, tildes, or ranges). In package.json, use "dependency": "x.y.z" only, and commit the updated package-lock.json. Use npm ci in CI to enforce lockfile-exact installs.
- Stop using “latest” anywhere (Dockerfiles, CI, and docs). Replace it with explicit, vetted versions.
- Disable lifecycle scripts in CI until further notice: npm ci --ignore-scripts (then selectively re-enable for trusted builds).
- Immediately rotate secrets/tokens used on dev laptops, CI, npm, GitHub, and cloud (AWS/GCP/Azure). Revoke stale PATs; enforce 2FA everywhere.
- Audit dependency trees for known bad versions; roll back any installs from Sept 15 onward that pulled new ranges. Rebuild artifacts from clean caches.
- Add an allow-list for registries and scope mirrors (block direct installs from unknown registries). Capture/alert on postinstall usage during builds.
- Gate updates with PR bots (e.g., Renovate) configured with pinned “allowedVersions”, and require human review on any dependency version bump.
- Verify integrity via lockfile integrity fields and use npm audit/SCA scanners with org-wide policies; fail builds on criticals.
Triage notes:
If you pulled @ctrl/tinycolor 4.1.1 or 4.1.2 (or other flagged packages) since Sept 15, treat the workstation/runner as potentially
credential-compromised; rotate secrets and reimage if needed.
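Added example (not code from the advisory or from any of the vendors it cites): a Node.js script that applies the developer actions and the triage note above to a project's package.json and package-lock.json, offline. It reports unpinned dependency ranges, installed versions that match the flagged list, packages that declare install scripts, lockfile entries with no integrity hash, and entries resolved from a host outside a registry allow-list. The flagged list contains only the @ctrl/tinycolor versions named above, the allow-list (registry.npmjs.org) is an assumption, and the sample package.json/lockfile at the bottom is constructed data so the script runs with no project present.

```javascript
// Constructed flagged list from the advisory; extend it from the vendors' IoC trackers.
const FLAGGED_VERSIONS = { '@ctrl/tinycolor': ['4.1.1', '4.1.2'] };
// Assumed registry allow-list: hosts a lockfile entry may be "resolved" from.
const ALLOWED_REGISTRY_HOSTS = ['registry.npmjs.org'];
// Exact x.y.z (optional prerelease/build). Ranges, tags ("latest") and URL specs fail this test.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function findUnpinned(pkgJson) {
  const out = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkgJson[field] || {})) {
      if (!EXACT_VERSION.test(spec)) out.push({ field, name, spec });
    }
  }
  return out;
}

// Flatten a lockfile into {name, path, meta}: lockfileVersion 2/3 keep a "packages"
// map keyed by install path; lockfileVersion 1 nests a "dependencies" tree.
function lockEntries(lock) {
  const entries = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '' || meta.link) continue; // root project and workspace links
      const i = path.lastIndexOf('node_modules/');
      const name = i === -1 ? path : path.slice(i + 'node_modules/'.length);
      entries.push({ name, path, meta });
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        entries.push({ name, path, meta });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return entries;
}
const summary = (e) => ({ name: e.name, version: e.meta.version, path: e.path });
const hostOf = (u) => { try { return new URL(u).host; } catch { return ''; } };

// Installed versions matching the flagged list.
function findFlagged(lock, flagged = FLAGGED_VERSIONS) {
  return lockEntries(lock).filter((e) => (flagged[e.name] || []).includes(e.meta.version)).map(summary);
}
// Packages declaring preinstall/install/postinstall (npm records this as hasInstallScript in v2/v3).
function findInstallScripts(lock) {
  return lockEntries(lock).filter((e) => e.meta.hasInstallScript === true).map(summary);
}
// Entries without an integrity hash, which npm ci cannot verify.
function findMissingIntegrity(lock) {
  return lockEntries(lock).filter((e) => !e.meta.integrity).map(summary);
}
// Entries resolved from a host outside the allow-list.
function findUntrustedResolved(lock, allowed = ALLOWED_REGISTRY_HOSTS) {
  return lockEntries(lock)
    .filter((e) => e.meta.resolved && !allowed.includes(hostOf(e.meta.resolved)))
    .map(summary);
}

function triage(pkgJson, lock) {
  const report = {
    unpinned: findUnpinned(pkgJson),
    flagged: findFlagged(lock),
    installScripts: findInstallScripts(lock),
    missingIntegrity: findMissingIntegrity(lock),
    untrustedResolved: findUntrustedResolved(lock),
  };
  // Any flagged version: treat the workstation/runner as credential-compromised.
  report.verdict = report.flagged.length ? 'rotate-secrets-and-reimage' : 'review';
  return report;
}

// Constructed sample input (not real lockfile content) so the script runs offline.
const SAMPLE_PKG = {
  dependencies: { '@ctrl/tinycolor': '^4.1.0', 'left-pad': '1.3.0' },
  devDependencies: { 'example-mirror-dep': '2.0.0' },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '0.0.1' },
    'node_modules/@ctrl/tinycolor': { version: '4.1.2', hasInstallScript: true,
      resolved: 'https://registry.npmjs.org/@ctrl/tinycolor/-/tinycolor-4.1.2.tgz',
      integrity: 'sha512-PLACEHOLDER' },
    'node_modules/left-pad': { version: '1.3.0', integrity: 'sha512-PLACEHOLDER',
      resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz' },
    'node_modules/example-mirror-dep': { version: '2.0.0',
      resolved: 'https://mirror.example.invalid/example-mirror-dep-2.0.0.tgz' },
  },
};

// Usage: node shai-hulud-triage.js ./path/to/project (falls back to the sample data).
if (typeof require !== 'undefined' && require.main === module && process.argv[2]) {
  const fs = require('fs'), path = require('path');
  const read = (f) => JSON.parse(fs.readFileSync(path.join(process.argv[2], f), 'utf8'));
  console.log(JSON.stringify(triage(read('package.json'), read('package-lock.json')), null, 2));
} else {
  console.log(JSON.stringify(triage(SAMPLE_PKG, SAMPLE_LOCK), null, 2));
}
```

Run it against each repository and CI runner image, not only the workstation that opened the ticket: a lockfile that carries a flagged version, or any postinstall-bearing package that is not on a reviewed list, is the signal to rotate the secrets that host could reach.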
References:
- The Hacker News overview and evolving package list.
- Wiz deep-dive on worm behavior and detection.
- JFrog malware tracker (package counts, IoCs).
- Sonatype research update.
- Sysdig analysis (200+ packages incl. CrowdStrike).
- Snyk advisory on tinycolor/ngx-bootstrap bad releases.
- ReversingLabs technical write-up.
- eSentire security advisory (187 packages).
- KrebsOnSecurity summary.