NPM Account Compromise – Tracking the “Shai-Hulud” Worm

Amid growing reports from the security community, Veracode has been closely tracking the resurgence of a sophisticated threat actor behind the recent npm account compromise and the injection of malware into the widely-used ‘nx’ package. This evolved malware now exhibits worm-like capabilities, enabling it to spread rapidly and amplify its infectious impact across the ecosystem.

The Timeline: What Happened? 

August 26th: nx npm account compromised, various packages tainted

We observed a malicious file “telemetry.js” had been injected into a 19 packages maintained by nx. This malicious code included a prompt for various LLMs locally running (Claude, Gemini, and q), to coerce them to scoop up secrets which the malware then attempted to exfiltrate. This was a novel approach to stealing secrets by way of AI. The malicious code was activated via a post-install hook which was added to the package.json file:

"postinstall": "node bundle.js"

August 28th: Private repositories exposed

As reported by StepSecurity, it emerged the threat actor switched up the game to use the stolen credentials to make private repositories public. This process resulted in private repositories being renamed to “s1ngularity-repository-” with a random string at the end. They also forking the private repositories to other accounts, effectively copying the data.

September 16th: Worm-like functionality detected

This time we observed the legitimate security tool TruffleHog being bundled into compromised packages. This tool is designed to identify secrets and is used by security teams to detect and respond to accidental leakage of secrets. However, the tool was weaponized and injected into compromised packages as “bundle.js”. As before, this was triggered by a change to the package.json file to include a post-install hook. Further, the malware is making private repositories public like we previously saw.

There is clearly a theme here, which is why it is understood to be the same threat actor behind these attacks.

This time, however, they not only swapped out the LLM mechanism for TruffleHog, but they also included capabilities to propagate the spread of compromise, thus creating a worm. This worm has had quite an impact so far, affecting more than 180 packages, including some owned by CrowdStrike.

The scale of the attack has gained the attention of Brian Krebs who also reported on it. The worm aspect comes from the malware’s new functionality to copy it’s malicious payload “bundle.js” and re-publish it (along with the post-install hook) to the other packages maintained by the compromised account.

September 17th: Continuing to monitor

We observed multiple instances of the same “package.json” file within some new samples n an apparent attempt to avoid detection, and we continue to monitor this evolving threat as it continue to spread. As new packages are popping up, we are in real-time stopping these attacks to keep our customers safe. This is a developing story, and we will continue to update this post as information comes in.

What to Look For

Check your GitHub repositories and look for any of the following strong indicators of compromise:

• Repository names ending with “Shai-Hulud”
• Repository names starting with “s1ngularity-repository-“

The Threat: Multi-Layered Supply Chain Risks 

These incidents signal a shift from isolated opportunistic attacks to coordinated, multi-stage campaigns. Attack techniques included: 

• Phishing and social engineering of maintainers 
• Typosquatting and impersonation 
• Injection of browser-based malware with crypto-stealing capabilities 
• Rapid propagation via popular dependencies 

Attackers targeted both servers and browsers—exfiltrating credentials, rerouting crypto transactions, and potentially compromising user data at scale. 

Lessons from the Response: What Actually Works 

As attackers adapt, so must your defense model. Veracode has observed the following steps strengthen supply chain security: 

• Speed Matters More Than You Think: During the incident, the window between initial compromise and widespread exploitation was under 4 hours. Organizations need automated blocking that operates in minutes, not daily scan cycles. Manual review processes, even with skilled teams, simply can’t match the velocity of modern attacks. 
• Detection Requires Behavioral Analysis, Not Just Signatures: These packages passed traditional security checks – valid signatures, familiar names, trusted maintainers. The malicious code was only detectable through behavioral analysis: unusual obfuscation patterns, suspicious API hooking, and anomalous publishing velocity from compromised accounts. 
• The SBOM Paradox: While SBOMs are critical, these incidents revealed a gap: knowing what you have doesn’t help if you can’t instantly act on new intelligence. Organizations need the ability to retroactively identify and remediate packages that were clean when installed but later compromised. 
• Developer Experience Can’t Be an Afterthought: Security teams who successfully prevented these attacks had one thing in common: developers actually used their tools. Blocking must be transparent, with clear explanations and fast alternatives, or developers will bypass controls entirely. 

Veracode Customers Remain Protected 

Veracode customers using Package Firewall are shielded from these threats, with the Package Firewall preventing both server- and browser-targeted malware from reaching the SDLC. Customers can also use Software Composition Analysis (SCA) to detect the usage of these malicious packages. 

Veracode’s Supply Chain offerings are designed to protect our customers from these types of attacks with: 

1. Proactive Threat Monitoring: The Veracode Threat Research Team continuously tracks open-source activity. Automated detection and expert analysis quickly identify anomalous publishing behavior, code obfuscation, and indicators of malware. 
2. Immediate Blocking: Once a package is confirmed to be malicious, it is programmatically blocklisted. Veracode Package Firewall prevents vulnerable or compromised packages—including those from the chalk, debug, and DuckDB campaigns—from being installed in customer environments. 
3. Policy Enforcement: Customers maintain strict controls over allowable packages. Policies enforced by Veracode automatically block introductions of newly compromised packages and prevent execution of malicious scripts. 
4. Expert Guidance: The team continuously issues updates and actionable recommendations to help organizations respond quickly and confidently when new supply chain threats emerge. 

NPM Attacks Conclusion: Stay Ahead of Advanced Threats 

These recent npm attacks are a wakeup call: supply chain risks are increasing in scale and complexity. Attackers now target not only servers, but also browsers and end users, through high-trust dependencies. Standard reactive security is no longer sufficient. 

Veracode empowers you to adopt a proactive, defense-ready stance—protecting your developers, your users, and your business from the next wave of sophisticated supply chain attacks. 

Reach out to learn more.