
Shai-Hulud Strikes Again: Massive npm Attack Exposes Thousands of Secrets

Fadi Yassin | Backslash Security Research Team

December 3, 2025

A major npm supply-chain incident surfaced last week. Over 800 packages were poisoned, leading to more than 25,000 GitHub repositories being populated with stolen secrets. Projects linked to Zapier, ENS Domains, PostHog, and Postman were briefly affected.

If you installed one of the compromised packages, assume your local secrets are exposed. The malware also created a persistent GitHub runner on victim machines, allowing remote access. GitHub is removing the malicious repositories and notifying affected users.

Why This Matters: Even trusted packages can be weaponized. Developers, CI/CD pipelines, and automated builds are all at risk, highlighting the need for vigilant dependency management.

What Made This Attack Stand Out

The late-November Shai-Hulud wave was far more aggressive than typical package hijacks. Using stolen maintainer credentials, the attacker republished trusted packages with malicious code at scale.

Once executed, the malware ran across developer machines, CI pipelines, and automated build systems, stealing tokens, cloud keys, and environment variables. It then registered rogue GitHub runners for persistent access.

Instead of sending data to an external server, the attacker uploaded stolen secrets into newly created public GitHub repositories, turning automation features into an exfiltration channel. This clever approach allowed the attack to propagate rapidly while remaining under the radar.

Shai-Hulud V1 & V2: The Evolution of a Supply-Chain Attack

Shai-Hulud V1

  • Initial Compromise – Malicious package appears; credentials start leaking.
  • Propagation – More infected packages published in a coordinated wave.
  • Investigation – Payload behavior and data-theft method identified.

Shai-Hulud V2

  • New Wave – Updated malware spreads through a second attack.
  • Root Cause – Exploited GitHub Actions workflows used as entry point.
  • Cleanup – Malicious repos removed; victims notified.

Technical Sophistication: Bun Runtime and TruffleHog

Shai-Hulud 2.0 was more advanced than its predecessor, introducing several clever techniques that made it far more dangerous. The malware moved its execution to preinstall scripts, meaning it ran before the package was even installed, spreading quickly across developer machines, CI pipelines, and automated build systems.

The attack also used unusually large, heavily obfuscated payloads, including a 10MB bun_environment.js file that leveraged the Bun JavaScript runtime instead of standard Node.js, giving it a stealthy and powerful execution environment.

Once active, the malware downloaded and ran TruffleHog, an open-source tool that scans for secrets on the host system. This allowed the attackers to systematically harvest credentials from AWS, GCP, and Azure, including cloud-native secrets, giving them access to a wide range of sensitive resources.

Immediate Best Practices (Shai-Hulud 2.0)

  • Do NOT upgrade affected packages until confirmed clean.
  • Avoid updating lockfiles and running npm install unnecessarily.
  • Pin exact versions instead of latest or ^.

Risky config

```json
"ethereum-ens": "latest"
"ethereum-ens": "^0.8.1"
```

Safer config

```json
"ethereum-ens": "0.8.0"
```

  • Audit dependencies (npm ls) to detect transitive exposure.
  • Restrict pre/post-install scripts in build tools.
  • Validate lockfiles to prevent unwanted upgrades.
  • If You Were Compromised - Immediate Cleanup Steps
    • Remove infected packages:

      ```bash
      rm -rf node_modules
      ```

    • Clear npm cache (CRITICAL):

      ```bash
      npm cache clean --force
      ```

      This removes cached malicious packages. Since Shai-Hulud uses preinstall scripts, the malware can execute directly from the cache during any npm install command, even after deleting node_modules.
  • Use allowlists and egress controls for builds.
  • Rotate secrets and monitor environments for unusual activity.
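The pinning, lockfile-validation and install-script checks above can be enforced mechanically in CI. The following is an added example, not code from the original post or from Backslash: it runs policy checks over a parsed package.json, a lockfileVersion 2/3 package-lock.json and .npmrc text. The package names other than ethereum-ens, the sample versions and the file contents are constructed for illustration.

```javascript
// Added example, not code from the original post: policy checks over a parsed
// package.json, package-lock.json (lockfileVersion 2/3) and .npmrc text.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
const FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

// Declared specifiers that are not one exact version: "latest", "^0.8.1", "*", dist-tags.
function findUnpinned(pkg) {
  const out = [];
  for (const f of FIELDS)
    for (const [name, spec] of Object.entries(pkg[f] || {}))
      if (!EXACT.test(spec)) out.push(`${f}.${name}: "${spec}"`);
  return out;
}

// Every declared dep must be in the lockfile and, when pinned, resolve to that exact
// version; otherwise `npm install` may fetch something other than what was reviewed.
function findLockDrift(pkg, lock) {
  const out = [];
  const pkgs = lock.packages || {};
  for (const f of FIELDS)
    for (const [name, spec] of Object.entries(pkg[f] || {})) {
      const entry = pkgs[`node_modules/${name}`];
      if (!entry) out.push(`${name}: missing from lockfile`);
      else if (EXACT.test(spec) && entry.version !== spec)
        out.push(`${name}: lock has ${entry.version}, package.json pins ${spec}`);
    }
  return out;
}

// Lock entries flagged hasInstallScript (npm sets this when a package declares
// preinstall/install/postinstall): each is code that runs at install time and needs review.
function findInstallScripts(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, e]) => path && e.hasInstallScript)
    .map(([path]) => path.replace(/^.*node_modules\//, ""));
}

// ignore-scripts=true in .npmrc stops lifecycle scripts from running at all.
function scriptsBlocked(npmrc) {
  return /^\s*ignore-scripts\s*=\s*true\s*$/m.test(npmrc);
}

// Constructed sample data: a floating range, a drifted lock entry, one install script.
const samplePkg = { dependencies: { "ethereum-ens": "^0.8.1", "example-lib": "1.3.0" } };
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/ethereum-ens": { version: "0.8.1" },
  "node_modules/example-lib": { version: "1.3.1", hasInstallScript: true } } };
const sampleNpmrc = "save-exact=true\nignore-scripts=true\n";
console.log({ unpinned: findUnpinned(samplePkg), drift: findLockDrift(samplePkg, sampleLock),
  installScripts: findInstallScripts(sampleLock), scriptsBlocked: scriptsBlocked(sampleNpmrc) });
```

A CI job would fail the build when the first two lists are non-empty, and treat any package in the third list as requiring a human review before `ignore-scripts` is relaxed for it.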

Remember that software supply chain attacks can spread quickly and are growing in sophistication. Do not blindly trust open source packages, limit automation of pull requests, and don’t update versions without first validating them in a testing environment.

Useful Resources:

  1. Ycombinator forum thread on Shai-Hulud 2.0
  2. Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft (HackerNews)
  3. Massive npm infection: the Shai-Hulud worm and patient zero (SecureList)