This latest attack on npm, a large-scale assault on the software development ecosystem, has left many in the tech community reeling. The attackers, believed to be the same group behind the infamous Nx attack in August 2026, have taken their malicious tactics to the next level by compromising an astonishing 187 packages.

The scope and impact of this attack are significant, with the malware spreading rapidly across the npm registry. The attackers' playbook has been refined, turning the original attack into a full-blown worm that can automatically:

  • Steal secrets and publish them to GitHub publicly
  • Run TruffleHog and query Cloud metadata endpoints to gather secrets
  • Attempt to create a new GitHub action with a data exfiltration mechanism through an attacker-controlled webhook site
  • Iterate the repositories on GitHub that a user has access to, making them public

To avoid being compromised by packages like this, it's essential to understand what makes these attacks so devastating.

What the Worm Does

The malware, named Shai-Hulud after the infamous worm in the Dune franchise, does the following:

  • Harvests secrets from the host and CI environment using TruffleHog and cloud metadata endpoints
  • Exfiltrates data by creating a GitHub repository under the compromised account and committing a JSON dump containing system info, environment variables, and collected secrets
  • Creates a GitHub Actions workflow that serializes secrets and POSTs them to an attacker-controlled webhook site
  • Propagates by using valid npm tokens to update packages controlled by the compromised maintainer (supply-chain propagation)
  • Amplifies by iterating accessible repositories, making them public or adding workflows that trigger further runs and leaks

Leaking of Secrets

The attackers are employing a "smash-and-grab" style attack, rapidly publishing stolen credentials/tokens and turning private GitHub repositories to public. This not only compromises sensitive information but also enables further attacks.

Self-Propagation through npm

What's most striking about this attack is its self-propagation mechanism through npm. The malware can re-publish itself into other npm packages owned by the compromised maintainer, creating a continuous cycle of infection and spread.

The logic behind this worm-like behavior is as follows:

  • Download a target tarball from the npm registry
  • Modify the package.json file to bump the patch version and insert a new lifecycle hook (postinstall)
  • Copy the malware's payload into the tarball as bundle.js, ensuring that infected code lives inside the next package
  • Re-publish the trojanized package using the maintainer's credentials

This cycle allows the malware to continuously infect every package a maintainer has access to, making each published package a new distribution vector.

Remediation Advice

To minimize the risk of being compromised:

  • Check the versions you're using
  • Clean your npm cache
  • Reinstall all packages in your repository
  • Ensure you use a package lock file and pinned versions

Aikido: Your Guardian Angel Against Malware

If you're an Aikido user, check your central feed for malware issues. The vulnerability will be surfaced as a 100/100 critical issue. Tip: Aikido rescans your repos nightly, though we recommend triggering a full rescan as well.

If you're not yet an Aikido user, set up an account and connect your repos. Our proprietary malware coverage is included in the free plan (no credit card required).

For future protection, consider using Aikido SafeChain, an open-source secure wrapper for npm, npx, yarn, pnpm, and pnpx. This innovative solution sits in your current workflows, verifying packages for malware before installation against Aikido Intel's Open Sources Threat Intelligence. Stop threats before they hit your machine.