Severity: high (September 28, 2025)

Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware


The Shai-Hulud attack is a large-scale npm supply chain compromise discovered in mid-September 2025, in which malicious versions of over 100 npm packages were published. The compromised packages carry a post-install script that steals sensitive data (environment variables, secrets, and cloud metadata exposed via IMDS) and exfiltrates it to attacker-controlled GitHub repositories. Critically, the malware behaves like a worm: when it finds npm or GitHub tokens on a system, it uses them to push malicious workflows, migrate private repositories to public ones under attacker ownership, and publish new malicious versions of packages to extend its reach. Wiz links this campaign directly to a prior token theft incident (the s1ngularity/Nx compromise), placing it in a chain that runs from an upstream compromise, through token leakage, to npm package poisoning. Because of its self-propagation, its breadth, and its dual vector of data theft and repository compromise, it is assessed as one of the most severe JavaScript/npm supply chain attacks observed to date.

Shai-Hulud stands out for its worm-like propagation, abusing stolen npm and GitHub tokens to autonomously spread by publishing malicious packages. Unlike prior static package compromises, it actively migrates private repos to attacker-controlled public ones, exposing sensitive code. Its linkage to an upstream GitHub token theft shows adversaries chaining incidents in new ways, and the combination of repo hijacking, credential abuse, and large-scale package poisoning marks a notable escalation in npm supply chain threats.

Indicators of compromise

File names (2)
  • /tmp/processor.sh
  • /tmp/migrate-repos.sh
URL (1)
  • webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7
SHA256 file hash (1)
  • 46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09

Detections

Additional detection ideas (3)
  • Monitor software supply chain for unauthorized modifications to build pipelines or package registries
  • Detect cloning or bulk access to internal code repositories from unfamiliar hosts or service accounts
  • Flag outbound data transfers to webhook endpoints from servers or CI runners
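As an added example (not code from the brief or from Wiz), a small Python scanner that applies the indicators above to an installed node_modules tree: it flags every package declaring an npm install-time lifecycle hook (the post-install vector described in the summary), matches file contents against the listed SHA256 hash, and searches files for the listed webhook.site URL and /tmp script paths. The package names, file contents and directory layout produced by build_sample_tree() are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile

# Indicators quoted in the brief above; a real scan would load a maintained IoC feed.
IOC_SHA256 = {"46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09"}
IOC_STRINGS = ("webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7", "/tmp/processor.sh", "/tmp/migrate-repos.sh")
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")


def scan_node_modules(root):
    """Walk an installed tree and return (kind, location, detail) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            loc = os.path.relpath(os.path.join(dirpath, name), root)
            with open(os.path.join(dirpath, name), "rb") as fh:
                data = fh.read()
            if name == "package.json":
                try:
                    scripts = json.loads(data).get("scripts") or {}
                except (ValueError, AttributeError):
                    scripts = {}
                # Any of these hooks runs code automatically during `npm install`.
                hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if isinstance(scripts, dict) and h in scripts}
                if hooks:
                    findings.append(("lifecycle_hook", loc, hooks))
            if hashlib.sha256(data).hexdigest() in IOC_SHA256:
                findings.append(("ioc_hash", loc, "matches listed SHA256"))
            hits = [s for s in IOC_STRINGS if s in data.decode("utf-8", "ignore")]
            if hits:
                findings.append(("ioc_string", loc, hits))
    return findings


def build_sample_tree():
    """Constructed sample: a benign package plus one whose postinstall script
    contains the webhook.site URL from the brief (a stand-in, not real payload)."""
    root = tempfile.mkdtemp()
    benign = {"name": "benign-pkg", "version": "1.0.0"}
    bad = {"name": "suspicious-pkg", "version": "9.9.9", "scripts": {"postinstall": "node setup.js"}}
    for meta, fname, body in ((benign, "index.js", "module.exports = 1;\n"),
                             (bad, "setup.js", "fetch('https://webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7');\n")):
        d = os.path.join(root, "node_modules", meta["name"])
        os.makedirs(d)
        for fn, content in (("package.json", json.dumps(meta)), (fname, body)):
            with open(os.path.join(d, fn), "w", encoding="utf-8") as fh:
                fh.write(content)
    return root
```

Running scan_node_modules(build_sample_tree()) reports only the suspicious package: one lifecycle_hook finding for its postinstall entry and one ioc_string finding for the webhook.site URL in setup.js; pointing it at a real project's node_modules lists every package that executes code at install time, which is the population to review in a CI runner.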