{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/534320#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\n\r\nA major npm supply chain compromise was [disclosed](https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages) by the software supply chain security company Socket on September 15, 2025. At the time of writing, over 500 packages have been affected, and the number continues to grow. The attack involves a self-propagating malware variant dubbed *Shai-Hulud*, which spreads via credential theft and automated package publishing. The campaign escalated rapidly, including compromise of packages published by CrowdStrike.\r\n\r\nThis notice aims to raise awareness about growing risks in software development and packaging practices within the npm ecosystem that can lead to large-scale compromises. The incident highlights ongoing exploitation of known attack vectors, including credential theft, package impersonation, and automated propagation, all of which undermine the integrity of widely used package ecosystems like npm.\r\n\r\n### Description\r\n\r\nnpm is the default package manager for Node.js. It provides a global registry and command-line interface that helps developers install, manage, and share JavaScript packages and dependencies. It simplifies the integration of third-party code through the use of the `package.json` and `package-lock.json` files, which ensure dependency consistency and reproducibility.\r\n\r\nThe compromise likely began with a [credential harvesting campaign](https://unit42.paloaltonetworks.com/npm-supply-chain-attack/), where a `postinstall` script led to the execution of a malicious `bundle.js` file. [`postinstall`](https://docs.npmjs.com/cli/v8/using-npm/scripts) scripts are an npm feature that allow code execution following package installation. The `bundle.js` script scanned the target environment for exposed secrets in code and configuration files. The `bundle.js` file downloaded and used [TruffleHog](https://github.com/trufflesecurity/trufflehog), typically used for legitimate secret scanning, to harvest credentials stored as environment variables or secrets used by continuous integration and continuous delivery (CI/CD) platforms such as GitHub Actions, GitLab CI, Jenkins, and others. The malware self-propagated using the stolen credentials to publish itself to other repositories and package registries, effectively turning compromised environments into new infection vectors.\r\n\r\nA key mechanism of propagation was the automatic \"trojanization\" of CI/CD tools, a known attack vector with wide-reaching implications across ecosystems. GitHub Actions was one such capability that was abused, previously seen in attacks like the [Nx package compromise](https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c) in August of 2025.  Another known contributor to the attack was the abuse of the `postinstall` script capability in npm. This technique has been exploited in previous incidents, such as the [event-stream attack](https://dl.acm.org/doi/10.1145/3517208.3523753) in 2018. These vulnerable software development and design methods in npm have been duly abused in this combined attack.\r\n\r\n### Impact\r\n\r\nAt the time of publication, over 500 packages have been confirmed to be compromised by the *Shai-Hulud* malware. [Socket is maintaining a live list of affected packages](https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages) on their website. Organizations using CrowdStrike products should also inspect their npm package dependencies, as the npm account used to manage and publish packages for [CrowdStrike was allegedly compromised](https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages). \r\n\r\n\r\n### Solution\r\n\r\nGitHub has released a [public advisory](https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/) detailing additional security changes being made to their package systems. CISA has also released a [security advisory](https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem).\r\n\r\n#### For npm Users\r\n\r\n- **Audit and replace compromised packages**: Remove any [affected package versions](https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-package) and replace them with known safe versions.\r\n- **Lock dependencies**: Use `package-lock.json` or `npm i --package-lock-only` to lock resolved dependency versions **without executing install scripts**, allowing safe auditing.  For packages that will be redistributed, locally or otherwise, use [`npm shrinkwrap`](https://docs.npmjs.com/cli/v8/commands/npm-shrinkwrap) to lock all direct and transitive dependency versions for reproducible installs.\r\n- **Use internal mirrors**: Set up an [internal npm registry](https://nodeshift.dev/nodejs-reference-architecture/development/npm-proxy/) using tools like [Verdaccio](https://verdaccio.org/) or [Artifactory](https://jfrog.com/help/r/jfrog-artifactory-documentation/npm-repositories), and centrally approve packages before allowing internal use.\r\n- **Disable postinstall scripts**: Use `npm install --ignore-scripts` where feasible to prevent malicious code execution during package installation.\r\n\r\n#### For npm Developers\r\n\r\n- **Rotate all exposed credentials**: Immediately revoke and rotate any CI/CD-related tokens or secrets (GitHub, GitLab, Jenkins, etc.) that may have been exposed.\r\n- **Enforce least privilege**: Use scoped tokens with minimal permissions, and isolate build environments to ensure untrusted code never has access to publishing credentials, especially when using GitHub Actions or similar CI/CD platforms.\r\n\r\n\r\n### Acknowledgements\r\n\r\nThis document was written by Christopher Cullen.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"We have resolved this incident and implemented additional security controls to prevent future compromise.\r\nPlease see our [public advisory](https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/) for further information and guidance on securing your NPM infrastructure.","title":"Vendor statment from GitHub"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/534320"},{"url":"https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack#indicators-of-compromise-41","summary":"https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack#indicators-of-compromise-41"},{"url":"https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages","summary":"https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages"},{"url":"https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages","summary":"https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages"},{"url":"https://x.com/ReversingLabs/status/1967576549873381431","summary":"https://x.com/ReversingLabs/status/1967576549873381431"},{"url":"https://github.com/valor-software/ngx-bootstrap/issues/6776","summary":"https://github.com/valor-software/ngx-bootstrap/issues/6776"},{"url":"https://github.com/advisories/GHSA-6m4g-vm7c-f8w6","summary":"https://github.com/advisories/GHSA-6m4g-vm7c-f8w6"},{"url":"https://www.linkedin.com/feed/update/urn:li:activity:7373489836437114880/","summary":"https://www.linkedin.com/feed/update/urn:li:activity:7373489836437114880/"},{"url":"https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html","summary":"https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html"},{"url":"https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem","summary":"https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem"}],"title":"NPM supply chain compromise exposes challenges to securing the ecosystem from credential theft and self-propagation","tracking":{"current_release_date":"2025-10-23T17:42:49+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#534320","initial_release_date":"2025-09-29 00:00:00+00:00","revision_history":[{"date":"2025-10-23T17:42:49+00:00","number":"1.20251023174249.3","summary":"Released on 2025-10-23T17:42:49+00:00"}],"status":"final","version":"1.20251023174249.3"}},"vulnerabilities":[{"title":"Unauthorized access via stolen or improperly scoped credentials (tokens), combined with execution of arbitrary code (post-install scripts) in environments where those credentials are available, enabling supply-chain escalation and propagation.","notes":[{"category":"summary","text":"Unauthorized access via stolen or improperly scoped credentials (tokens), combined with execution of arbitrary code (post-install scripts) in environments where those credentials are available, enabling supply-chain escalation and propagation. Key points: Access control failure: tokens had access to more things than they should, e.g. ability to publish packages, access many repos, etc. Secret leakage risk: secrets stored in environment variables / config that code running during dependency install can read. Execution of untrusted code via dependency chain (post-install scripts)."}],"ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#534320"}],"product_status":{"known_not_affected":["CSAFPID-2a44b26e-37dc-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"GitHub","product":{"name":"GitHub Products","product_id":"CSAFPID-2a44b26e-37dc-11f1-8422-122e2785dc9f"}}]}}