This is a supply chain attack that has impacted 198 unique npm packages spanning multiple maintainers. The malware campaign (part of the “Shai-Hulud” attack) has compromised npm packages in a worm-like manner.
The malware affects various packages from different maintainers. Some are public; others belong to popular vendors like CrowdStrike. Altogether, these packages have more than 2 billion downloads per week. Considering their high number of installations, the number of affected packages will only increase in the coming days.
How the attack works
The malicious versions leverage a function (NpmModule.updatePackage) that retrieves a package tarball. Then it alters its package.json, embedding a local script (bundle.js), rebuilding the archive, republishing it, and automating the trojanization of downstream packages.
Malware Analysis
The malware contains a bundle.js script that runs automatically when the package is installed. The script does the following tasks:
- Downloads and runs TruffleHog (a legitimate secret scanner)
- Scans hosts for tokens and cloud credentials
- Validates any discovered developer or CI tokens
- Injects unauthorized GitHub Actions workflows into repositories
- Exfiltrates sensitive data to a hardcoded webhook endpoint
The script combines local scanning with service-specific probing. It looks for environment variables such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY. It validates npm tokens and interacts with GitHub APIs when a token is available. It also attempts cloud metadata discovery that can leak short-lived credentials inside cloud build agents.
Now, let’s talk about the leading cause of the attack, “The Phishing Email”. The maintainer shared that he was compromised via a phishing email coming from su*****@***js.help:
Image Source: aikido
It’s interesting to note that the domain was registered on September 5th, 2025, a few days before the attack. After getting into the news, the maintainer tweeted that he was aware of being compromised and starting to clean up the compromised packages.
Image Source: aikido
Affected Packages and Versions
| S. No | Package | Version |
| 1 | @ahmedhfarag/ngx-perfect-scrollbar | 20.0.20 |
| 2 | @ahmedhfarag/ngx-virtual-scroller | 4.0.4 |
| 3 | @art-ws/common | 2.0.28 |
| 4 | @art-ws/config-eslint | 2.0.4, 2.0.5 |
| 5 | @art-ws/config-ts | 2.0.7, 2.0.8 |
| 6 | @art-ws/db-context | 2.0.24 |
| 7 | @art-ws/di | 2.0.28, 2.0.32 |
| 8 | @art-ws/di-node | 2.0.13 |
| 9 | @art-ws/eslint | 1.0.5, 1.0.6 |
| 10 | @art-ws/fastify-http-server | 2.0.24, 2.0.27 |
| 11 | @art-ws/http-server | 2.0.21, 2.0.25 |
| 12 | @art-ws/openapi | 0.1.12, 0.1.9 |
| 13 | @art-ws/package-base | 1.0.5, 1.0.6 |
| 14 | @art-ws/prettier | 1.0.5, 1.0.6 |
| 15 | @art-ws/slf | 2.0.15, 2.0.22 |
| 16 | @art-ws/ssl-info | 1.0.10, 1.0.9 |
| 17 | @art-ws/web-app | 1.0.3, 1.0.4 |
| 18 | @crowdstrike/commitlint | 8.1.1, 8.1.2 |
| 19 | @crowdstrike/falcon-shoelace | 0.4.1, 0.4.2 |
| 20 | @crowdstrike/foundry-js | 0.19.1, 0.19.2 |
| 21 | @crowdstrike/glide-core | 0.34.2, 0.34.3 |
| 22 | @crowdstrike/logscale-dashboard | 1.205.1, 1.205.2 |
| 23 | @crowdstrike/logscale-file-editor | 1.205.1, 1.205.2 |
| 24 | @crowdstrike/logscale-parser-edit | 1.205.1, 1.205.2 |
| 25 | @crowdstrike/logscale-search | 1.205.1, 1.205.2 |
| 26 | @crowdstrike/tailwind-toucan-base | 5.0.1, 5.0.2 |
| 27 | @ctrl/deluge | 7.2.1, 7.2.2 |
| 28 | @ctrl/golang-template | 1.4.2, 1.4.3 |
| 29 | @ctrl/magnet-link | 4.0.3, 4.0.4 |
| 30 | @ctrl/ngx-codemirror | 7.0.1, 7.0.2 |
| 31 | @ctrl/ngx-csv | 6.0.1, 6.0.2 |
| 32 | @ctrl/ngx-emoji-mart | 9.2.1, 9.2.2 |
| 33 | @ctrl/ngx-rightclick | 4.0.1, 4.0.2 |
| 34 | @ctrl/qbittorrent | 9.7.1, 9.7.2 |
| 35 | @ctrl/react-adsense | 2.0.1, 2.0.2 |
| 36 | @ctrl/shared-torrent | 6.3.1, 6.3.2 |
| 37 | @ctrl/tinycolor | 4.1.1, 4.1.2 |
| 38 | @ctrl/torrent-file | 4.1.1, 4.1.2 |
| 39 | @ctrl/transmission | 7.3.1 |
| 40 | @ctrl/ts-base32 | 4.0.1, 4.0.2 |
| 41 | @hestjs/core | 0.2.1 |
| 42 | @hestjs/cqrs | 0.1.6 |
| 43 | @hestjs/demo | 0.1.2 |
| 44 | @hestjs/eslint-config | 0.1.2 |
| 45 | @hestjs/logger | 0.1.6 |
| 46 | @hestjs/scalar | 0.1.7 |
| 47 | @hestjs/validation | 0.1.6 |
| 48 | @nativescript-community/arraybuffers | 1.1.6, 1.1.7, 1.1.8 |
| 49 | @nativescript-community/gesturehandler | 2.0.35 |
| 50 | @nativescript-community/perms | 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9 |
| 51 | @nativescript-community/sentry | 4.6.43 |
| 52 | @nativescript-community/sqlite | 3.5.2, 3.5.3, 3.5.4, 3.5.5 |
| 53 | @nativescript-community/text | 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.9 |
| 54 | @nativescript-community/typeorm | 0.2.30, 0.2.31, 0.2.32, 0.2.33 |
| 55 | @nativescript-community/ui-collectionview | 6.0.6 |
| 56 | @nativescript-community/ui-document-picker | 1.1.27, 1.1.28 |
| 57 | @nativescript-community/ui-drawer | 0.1.30 |
| 58 | @nativescript-community/ui-image | 4.5.6 |
| 59 | @nativescript-community/ui-label | 1.3.35, 1.3.36, 1.3.37 |
| 60 | @nativescript-community/ui-material-bottom-navigation | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| 61 | @nativescript-community/ui-material-bottomsheet | 7.2.72 |
| 62 | @nativescript-community/ui-material-core | 7.2.72, 7.2.73, 7.2.74, 7.2.75, 7.2.76 |
| 63 | @nativescript-community/ui-material-core-tabs | 7.2.72, 7.2.73, 7.2.74, 7.2.75, 7.2.76 |
| 64 | @nativescript-community/ui-material-ripple | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| 65 | @nativescript-community/ui-material-tabs | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| 66 | @nativescript-community/ui-pager | 14.1.36, 14.1.37, 14.1.38 |
| 67 | @nativescript-community/ui-pulltorefresh | 2.5.4, 2.5.5, 2.5.6, 2.5.7 |
| 68 | @nexe/config-manager | 0.1.1 |
| 69 | @nexe/eslint-config | 0.1.1 |
| 70 | @nexe/logger | 0.1.3 |
| 71 | @nstudio/angular | 20.0.4, 20.0.5, 20.0.6 |
| 72 | @nstudio/focus | 20.0.4, 20.0.5, 20.0.6 |
| 73 | @nstudio/nativescript-checkbox | 2.0.6, 2.0.7, 2.0.8, 2.0.9 |
| 74 | @nstudio/nativescript-loading-indicator | 5.0.1, 5.0.2, 5.0.3, 5.0.4 |
| 75 | @nstudio/ui-collectionview | 5.1.11, 5.1.12, 5.1.13, 5.1.14 |
| 76 | @nstudio/web | 20.0.4 |
| 77 | @nstudio/web-angular | 20.0.4 |
| 78 | @nstudio/xplat | 20.0.5, 20.0.6, 20.0.7 |
| 79 | @nstudio/xplat-utils | 20.0.5, 20.0.6, 20.0.7 |
| 80 | @operato/board | 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50, 9.0.51 |
| 81 | @operato/data-grist | 9.0.29, 9.0.35, 9.0.36, 9.0.37 |
| 82 | @operato/graphql | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50, 9.0.51 |
| 83 | @operato/headroom | 9.0.2, 9.0.35, 9.0.36, 9.0.37 |
| 84 | @operato/help | 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50, 9.0.51 |
| 85 | @operato/i18n | 9.0.35, 9.0.36, 9.0.37 |
| 86 | @operato/input | 9.0.27, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48 |
| 87 | @operato/layout | 9.0.35, 9.0.36, 9.0.37 |
| 88 | @operato/popup | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50, 9.0.51 |
| 89 | @operato/pull-to-refresh | 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47 |
| 90 | @operato/shell | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39 |
| 91 | @operato/styles | 9.0.2, 9.0.35, 9.0.36, 9.0.37 |
| 92 | @operato/utils | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50, 9.0.51 |
| 93 | @rxap/ngx-bootstrap | 19.0.3, 19.0.4 |
| 94 | @teriyakibomb/ember-velcro | 2.2.1 |
| 95 | @teselagen/bio-parsers | 0.4.30 |
| 96 | @teselagen/bounce-loader | 0.3.16, 0.3.17 |
| 97 | @teselagen/file-utils | 0.3.22 |
| 98 | @teselagen/liquibase-tools | 0.4.1 |
| 99 | @teselagen/ove | 0.7.40 |
| 100 | @teselagen/range-utils | 0.3.14, 0.3.15 |
| 101 | @teselagen/react-list | 0.8.19, 0.8.20 |
| 102 | @teselagen/react-table | 6.10.19, 6.10.20, 6.10.22 |
| 103 | @teselagen/sequence-utils | 0.3.34 |
| 104 | @teselagen/ui | 0.9.10 |
| 105 | @thangved/callback-window | 1.1.4 |
| 106 | @things-factory/attachment-base | 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50, 9.0.51, 9.0.52, 9.0.53, 9.0.54, 9.0.55 |
| 107 | @things-factory/auth-base | 9.0.42, 9.0.43, 9.0.44, 9.0.45 |
| 108 | @things-factory/email-base | 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50, 9.0.51, 9.0.52, 9.0.53, 9.0.54, 9.0.55, 9.0.56, 9.0.57, 9.0.58, 9.0.59 |
| 109 | @things-factory/env | 9.0.42, 9.0.43, 9.0.44, 9.0.45 |
| 110 | @things-factory/integration-base | 9.0.42, 9.0.43, 9.0.44, 9.0.45 |
| 111 | @things-factory/integration-marketplace | 9.0.43, 9.0.44, 9.0.45 |
| 112 | @things-factory/shell | 9.0.42, 9.0.43, 9.0.44, 9.0.45 |
| 113 | @tnf-dev/api | 1.0.8 |
| 114 | @tnf-dev/core | 1.0.8 |
| 115 | @tnf-dev/js | 1.0.8 |
| 116 | @tnf-dev/mui | 1.0.8 |
| 117 | @tnf-dev/react | 1.0.8 |
| 118 | @ui-ux-gang/devextreme-angular-rpk | 24.1.7 |
| 119 | @yoobic/design-system | 6.5.17 |
| 120 | @yoobic/jpeg-camera-es6 | 1.0.13 |
| 121 | @yoobic/yobi | 8.7.53 |
| 122 | airchief | 0.3.1 |
| 123 | airpilot | 0.8.8 |
| 124 | angulartics2 | 14.1.1, 14.1.2 |
| 125 | another-shai | 1.0.1 |
| 126 | browser-webdriver-downloader | 3.0.8 |
| 127 | capacitor-notificationhandler | 0.0.2, 0.0.3 |
| 128 | capacitor-plugin-healthapp | 0.0.2, 0.0.3 |
| 129 | capacitor-plugin-ihealth | 1.1.8, 1.1.9 |
| 130 | capacitor-plugin-vonage | 1.0.2, 1.0.3 |
| 131 | capacitorandroidpermissions | 0.0.4, 0.0.5 |
| 132 | config-cordova | 0.8.5 |
| 133 | cordova-plugin-voxeet2 | 1.0.24 |
| 134 | cordova-voxeet | 1.0.32 |
| 135 | create-hest-app | 0.1.9 |
| 136 | db-evo | 1.1.4, 1.1.5 |
| 137 | devextreme-angular-rpk | 21.2.8 |
| 138 | ember-browser-services | 5.0.2, 5.0.3 |
| 139 | ember-headless-form | 1.1.2, 1.1.3 |
| 140 | ember-headless-form-yup | 1.0.1 |
| 141 | ember-headless-table | 2.1.5, 2.1.6 |
| 142 | ember-url-hash-polyfill | 1.0.12, 1.0.13 |
| 143 | ember-velcro | 2.2.1, 2.2.2 |
| 144 | encounter-playground | 0.0.2, 0.0.3, 0.0.4, 0.0.5 |
| 145 | eslint-config-crowdstrike | 11.0.2, 11.0.3 |
| 146 | eslint-config-crowdstrike-node | 4.0.3, 4.0.4 |
| 147 | eslint-config-teselagen | 6.1.7, 6.1.8 |
| 148 | globalize-rpk | 1.7.4 |
| 149 | graphql-sequelize-teselagen | 5.3.8, 5.3.9 |
| 150 | html-to-base64-image | 1.0.2 |
| 151 | json-rules-engine-simplified | 0.2.1, 0.2.4 |
| 152 | jumpgate | 0.0.2 |
| 153 | koa2-swagger-ui | 5.11.1, 5.11.2 |
| 154 | mcfly-semantic-release | 1.3.1 |
| 155 | mcp-knowledge-base | 0.0.2 |
| 156 | mcp-knowledge-graph | 1.2.1 |
| 157 | mobioffice-cli | 1.0.3 |
| 158 | monorepo-next | 13.0.1, 13.0.2 |
| 159 | mstate-angular | 0.4.4 |
| 160 | mstate-cli | 0.4.7 |
| 161 | mstate-dev-react | 1.1.1 |
| 162 | mstate-react | 1.6.5 |
| 163 | ng2-file-upload | 7.0.2, 7.0.3, 8.0.1, 8.0.2, 8.0.3, 9.0.1 |
| 164 | ngx-bootstrap | 18.1.4, 19.0.3, 19.0.4, 20.0.3, 20.0.4, 20.0.5 |
| 165 | ngx-color | 10.0.1, 10.0.2 |
| 166 | ngx-toastr | 19.0.1, 19.0.2 |
| 167 | ngx-trend | 8.0.1 |
| 168 | ngx-ws | 1.1.5, 1.1.6 |
| 169 | oradm-to-gql | 35.0.14, 35.0.15 |
| 170 | oradm-to-sqlz | 1.1.2 |
| 171 | ove-auto-annotate | 0.0.10, 0.0.9 |
| 172 | pm2-gelf-json | 1.0.4, 1.0.5 |
| 173 | printjs-rpk | 1.6.1 |
| 174 | react-complaint-image | 0.0.32, 0.0.35 |
| 175 | react-jsonschema-form-conditionals | 0.3.18, 0.3.21 |
| 176 | react-jsonschema-form-extras | 1.0.4 |
| 177 | react-jsonschema-rxnt-extras | 0.4.9 |
| 178 | remark-preset-lint-crowdstrike | 4.0.1, 4.0.2 |
| 179 | rxnt-authentication | 0.0.3, 0.0.4, 0.0.5, 0.0.6 |
| 180 | rxnt-healthchecks-nestjs | 1.0.2, 1.0.3, 1.0.4, 1.0.5 |
| 181 | rxnt-kue | 1.0.4, 1.0.5, 1.0.6, 1.0.7 |
| 182 | swc-plugin-component-annotate | 1.9.1, 1.9.2 |
| 183 | tbssnch | 1.0.2 |
| 184 | teselagen-interval-tree | 1.1.2 |
| 185 | tg-client-query-builder | 2.14.4, 2.14.5 |
| 186 | tg-redbird | 1.3.1, 1.3.2 |
| 187 | tg-seq-gen | 1.0.10, 1.0.9 |
| 188 | thangved-react-grid | 1.0.3 |
| 189 | ts-gaussian | 3.0.5, 3.0.6 |
| 190 | ts-imports | 1.0.1, 1.0.2 |
| 191 | tvi-cli | 0.1.5 |
| 192 | ve-bamreader | 0.2.6, 0.2.7 |
| 193 | ve-editor | 1.0.1, 1.0.2 |
| 194 | verror-extra | 6.0.1 |
| 195 | voip-callkit | 1.0.2, 1.0.3 |
| 196 | wdio-web-reporter | 0.1.3 |
| 197 | yargs-help-output | 5.0.3 |
| 198 | yoo-styles | 6.0.326 |
Mitigation
There are no patches as of now. Customers are advised to uninstall the affected packages.
Containment of Malicious Packages
If a user has installed one of the affected packages that has exfiltrated sensitive information from the system.
User can perform the following operation:
- Rotate any access tokens stored on the affected machine of the following providers: GitHub, NPM, AWS, GCP, and Azure.
- Rotate any access tokens stored on the affected machine, which TruffleHog can identify. Supported providers can be searched for in Trufflehog’s GitHub repository.
Qualys Detection
Qualys customers can scan their devices with QIDs 5005322 and 5005466 to detect vulnerable assets.
Note: QIDs 5005322 and 5005466 are available via SwCA, which needs to be enabled.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages
https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised
https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised
https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages