Large-Scale npm & PyPI Supply Chain Campaign Suspected Across Multiple Popular Packages
Executive Summary
Upwind researchers are tracking what appears to be a broad active software supply chain campaign impacting multiple npm and PyPI packages commonly used in developer tooling, frontend frameworks, CI/CD environments, and cloud-native application ecosystems.
The activity shows strong indicators of coordinated malicious package publication behavior involving:
- install-time code execution,
- heavily obfuscated payloads,
- credential harvesting,
- CI/CD targeting,
- cloud and Kubernetes secret access,
- persistence behavior,
- and package publishing abuse capabilities.
Several affected packages are widely used across enterprise environments and downstream software ecosystems, significantly increasing potential blast radius.
At the time of publication, the campaign appears ongoing and investigation is still active.
What We Know So Far
Current analysis identified multiple suspicious package releases across npm and PyPI ecosystems.
Observed behaviors include:
- preinstall lifecycle execution
- bun run index.js execution during installation
- heavily obfuscated JavaScript payloads
- install-time arbitrary code execution
- GitHub-based optional dependency injection (@antv/setup)
- credential and token harvesting
- AWS/GitHub/npm/Kubernetes/Vault secret access
- CI/CD workflow manipulation
- package publishing abuse logic
- persistence and evasion behavior
- broad filesystem and environment enumeration
The campaign currently resembles the growing class of modern supply chain attacks targeting developer and CI/CD environments through trusted package ecosystems.
Affected Packages
The following package versions currently show the strongest indicators of active malicious behavior:
| Package | Malicious Version |
| timeago.js | 4.2.2 |
| echarts-for-react | 3.2.7 |
| @antv/g-math | 3.3.0 |
| @antv/scale | 0.7.2 |
| @antv/path-util | 3.2.1 |
| @antv/g-canvas | 2.4.0 |
| jest-date-mock | 1.2.11 |
| jest-canvas-mock | 2.7.3 |
| @antv/matrix-util | 3.2.4 |
Observed payload capabilities include:
- credential harvesting
- cloud secret access
- CI/CD token theft
- npm/GitHub abuse functionality
- remote communication behavior
- persistence logic
- heavily obfuscated execution chains
Observed Campaign Evolution
Current evidence suggests the operation evolved in stages:
Stage 1 – Dependency Injection
Initial suspicious releases introduced GitHub-based optionalDependencies, including references to:
@antv/setup
Stage 2 – Install-Time Execution
Subsequent releases introduced install-time execution logic through:
preinstall
combined with:
bun run index.js
allowing code execution during package installation.
Stage 3 – Full Obfuscated Payload Deployment
Later releases contained fully obfuscated payloads with:
- credential harvesting,
- CI/CD abuse,
- cloud/Kubernetes secret access,
- filesystem enumeration,
- and persistence behavior.
Additional Suspicious npm Releases
Additional suspicious releases currently under investigation include:
- @angular-devkit/[email protected]
- @angular-devkit/[email protected]
- @angular-devkit/[email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- @antv/[email protected]
- @antv/[email protected]
- @antv/[email protected]
- @antv/[email protected]
- @antv/[email protected]
- @antv/[email protected]
- @antv/[email protected]
Suspicious PyPI Releases
Suspicious PyPI packages identified so far include:
At this stage, analysis of the Python ecosystem activity is still ongoing.
Potential Impact
The observed behaviors indicate potential targeting of:
- developer workstations,
- CI/CD runners,
- GitHub Actions environments,
- cloud credentials,
- Kubernetes infrastructure,
- package publishing workflows,
- and software release pipelines.
If successfully executed, the malware could potentially enable:
- cloud credential compromise,
- CI/CD compromise,
- package publishing abuse,
- downstream software supply chain propagation,
- persistence within developer environments,
- and unauthorized access to internal infrastructure.
Recommendations
Organizations should immediately:
- avoid installing or upgrading to affected versions,
- audit developer and CI/CD environments,
- review package installation logs,
- investigate suspicious preinstall execution,
- review outbound network activity,
- audit GitHub Actions and workflow modifications,
- rotate potentially exposed credentials and tokens,
- review package publishing permissions and npm authentication activity.
Any developer workstation or CI/CD runner that installed affected versions should be treated as potentially high risk until further investigation is completed.
Current Status
At the time of publication:
- the campaign appears active,
- package analysis is ongoing,
- additional affected packages may still emerge,
- and further technical details and IOCs will be published as investigation continues.
Upwind researchers continue tracking the activity and analyzing package payloads, infrastructure, credential access behavior, and potential downstream propagation mechanisms.
