npm Supply Chain Attack: Shai Hulud Worm Escalates August Nx Compromise
Sep 16, 2025
On September 16, 2025, a large-scale npm supply chain attack was discovered, which seems to be linked to the same threat actors behind the August 27 Nx compromise (under ongoing investigation). Dubbed Shai Hulud, this self-propagating worm has infected nearly 40 npm packages, including several from CrowdStrike, by harvesting secrets from CI/CD pipelines and cloud metadata endpoints, exfiltrating them via GitHub repositories and malicious workflows, and publishing them to attacker-controlled webhooks. This represents a significant escalation from the original Nx attack, turning targeted compromise into a fully automated worm affecting the broader npm ecosystem.
What the Malware Does
Shai Hulud is a self-propagating worm with a multi-stage attack strategy. It begins by harvesting secrets from CI/CD environments, environment variables, TruffleHog scans, and cloud metadata endpoints. Once collected, these secrets are exfiltrated in two ways: the worm creates new GitHub repositories named Shai-Hulud containing JSON dumps of sensitive data, and it posts the same data to attacker-controlled webhooks through malicious GitHub Actions workflows.
To propagate itself, Shai Hulud modifies and republishes npm packages under compromised maintainer accounts, allowing the malware to spread automatically across the ecosystem. Finally, the worm amplifies its impact by turning private repositories public and injecting additional workflows to trigger further exfiltration, maximizing both the scale and speed of the compromise.
Indicators of Compromise (IoCs)
Security teams can monitor for the following signs:
- Creation of GitHub repos named Shai-Hulud under maintainer accounts.
- Presence of .github/workflows/shai-hulud-workflow.yml.
- Suspicious CI/CD activity accessing secrets and posting to unknown webhooks.
- Modified npm packages with unexpected postinstall hooks.
These versions were live for approximately two hours before clean versions replaced them.
Why This Matters
- Shai Hulud demonstrates how a single compromise can escalate into a worm affecting hundreds of packages.
- The attack exposes credentials, environment secrets, and potentially sensitive configuration across multiple organizations.
- Automated propagation increases the speed and scale of the supply chain compromise, impacting many developers in a short period.
Compromised Github accounts
Nearly 40 npm packages are affected, owned by the following maintainers:
- @ahmedhfarag
- @art-ws
- @crowdstrike
- @ctrl
- @hestjs
- @nativescript-community
- @nexe
- @nstudio
- @operato
- @teselagen
- @thangved
- @things-factory
- @tnf-dev
- @ui-ux-gang
- @yoobic
Developers should immediately check lockfiles and deployments for these packages.
Steps for Developers
Security teams can use the following to hunt for compromise:
- Audit Dependencies: Check package-lock.json or yarn.lock for affected versions.
- Scan CI/CD Pipelines: Identify unusual environment access or secret exfiltration.
- Update Packages: Pin to patched versions released after detection.
- Monitor GitHub Accounts: Look for unexpected repos, workflows, or public repository changes.
- Implement Runtime Monitoring: Detect suspicious network calls or GitHub Actions activity.
Code Analysis
Review of the Shai Hulud malware reveals several key behaviors and coding patterns:
- Obfuscation: The malware uses heavily obfuscated JavaScript to hide its functionality, making static analysis challenging.
- Dynamic Package Modification: Lifecycle hooks like postinstall are injected into npm packages to execute the worm on installation.
- Environment Awareness: The code contains logic to detect CI/CD environments, cloud metadata endpoints, and existing npm tokens to maximize its impact.
- Stealth Techniques: Temporary variables and double-base64 encoding are used to conceal exfiltrated data in both GitHub Actions logs and network requests.
- AI-Assisted Development: Some parts of the code suggest the attacker leveraged AI coding tools to generate advanced and efficient payloads, demonstrating how AI can be abused to accelerate complex malware creation.
Our team is actively reversing the malware to uncover additional capabilities, further updates will be provided as the analysis progresses.
How Upwind Protects You
- Advanced dependency scanning to automatically identify and flag vulnerable package version
- With Upwind sensor runtime protection, suspicious downloads and network actions are identified in real time
- Applied behavioral analytics to uncover obfuscated scripts and unusual client-side activity that might indicate a compromise
- Risk prioritization to ensure that security teams can focus their attention on the most critical vulnerabilities and attacks.
For support in identifying compromised packages, reach out to [email protected].
You can find the full list of affected packages below:
| @ahmedhfarag/ngx-perfect-scrollbar | 20.0.20 |
| @ahmedhfarag/ngx-virtual-scroller | 4.0.4 |
| @art-ws/common | 2.0.28 |
| @art-ws/config-eslint | 2.0.4, 2.0.5 |
| @art-ws/config-ts | 2.0.7, 2.0.8 |
| @art-ws/db-context | 2.0.24 |
| @art-ws/di | 2.0.28, 2.0.32 |
| @art-ws/di-node | 2.0.13 |
| @art-ws/eslint | 1.0.5, 1.0.6 |
| @art-ws/fastify-http-server | 2.0.24, 2.0.27 |
| @art-ws/http-server | 2.0.21, 2.0.25 |
| @art-ws/openapi | 0.1.9, 0.1.12 |
| @art-ws/package-base | 1.0.5, 1.0.6 |
| @art-ws/prettier | 1.0.5, 1.0.6 |
| @art-ws/slf | 2.0.15, 2.0.22 |
| @art-ws/ssl-info | 1.0.9, 1.0.10 |
| @art-ws/web-app | 1.0.3, 1.0.4 |
| @crowdstrike/commitlint | 8.1.1, 8.1.2 |
| @crowdstrike/falcon-shoelace | 0.4.1, 0.4.2 |
| @crowdstrike/foundry-js | 0.19.1, 0.19.2 |
| @crowdstrike/glide-core | 0.34.2, 0.34.3 |
| @crowdstrike/logscale-dashboard | 1.205.1, 1.205.2 |
| @crowdstrike/logscale-file-editor | 1.205.1, 1.205.2 |
| @crowdstrike/logscale-parser-edit | 1.205.1, 1.205.2 |
| @crowdstrike/logscale-search | 1.205.1, 1.205.2 |
| @crowdstrike/tailwind-toucan-base | 5.0.1, 5.0.2 |
| @ctrl/deluge | 7.2.1, 7.2.2 |
| @ctrl/golang-template | 1.4.2, 1.4.3 |
| @ctrl/magnet-link | 4.0.3, 4.0.4 |
| @ctrl/ngx-codemirror | 7.0.1, 7.0.2 |
| @ctrl/ngx-csv | 6.0.1, 6.0.2 |
| @ctrl/ngx-emoji-mart | 9.2.1, 9.2.2 |
| @ctrl/ngx-rightclick | 4.0.1, 4.0.2 |
| @ctrl/qbittorrent | 9.7.1, 9.7.2 |
| @ctrl/react-adsense | 2.0.1, 2.0.2 |
| @ctrl/shared-torrent | 6.3.1, 6.3.2 |
| @ctrl/tinycolor | 4.1.1, 4.1.2 |
| @ctrl/torrent-file | 4.1.1, 4.1.2 |
| @ctrl/transmission | 7.3.1 |
| @ctrl/ts-base32 | 4.0.1, 4.0.2 |
| @hestjs/core | 0.2.1 |
| @hestjs/cqrs | 0.1.6 |
| @hestjs/demo | 0.1.2 |
| @hestjs/eslint-config | 0.1.2 |
| @hestjs/logger | 0.1.6 |
| @hestjs/scalar | 0.1.7 |
| @hestjs/validation | 0.1.6 |
| @nativescript-community/arraybuffers | 1.1.6, 1.1.7, 1.1.8 |
| @nativescript-community/gesturehandler | 2.0.35 |
| @nativescript-community/perms | 3.0.5, 3.0.6, 3.0.7, 3.0.8 |
| @nativescript-community/sqlite | 3.5.2, 3.5.3, 3.5.4, 3.5.5 |
| @nativescript-community/text | 1.6.9, 1.6.10, 1.6.11, 1.6.12 |
| @nativescript-community/typeorm | 0.2.30, 0.2.31, 0.2.32, 0.2.33 |
| @nativescript-community/ui-collectionview | 6.0.6 |
| @nativescript-community/ui-document-picker | 1.1.27, 1.1.28 |
| @nativescript-community/ui-drawer | 0.1.30 |
| @nativescript-community/ui-image | 4.5.6 |
| @nativescript-community/ui-label | 1.3.35, 1.3.36, 1.3.37 |
| @nativescript-community/ui-material-bottom-navigation | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| @nativescript-community/ui-material-bottomsheet | 7.2.72 |
| @nativescript-community/ui-material-core | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| @nativescript-community/ui-material-core-tabs | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| @nativescript-community/ui-material-ripple | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| @nativescript-community/ui-material-tabs | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| @nativescript-community/ui-pager | 14.1.36, 14.1.37, 14.1.38 |
| @nativescript-community/ui-pulltorefresh | 2.5.4, 2.5.5, 2.5.6, 2.5.7 |
| @nexe/config-manager | 0.1.1 |
| @nexe/eslint-config | 0.1.1 |
| @nexe/logger | 0.1.3 |
| @nstudio/angular | 20.0.4, 20.0.5, 20.0.6 |
| @nstudio/focus | 20.0.4, 20.0.5, 20.0.6 |
| @nstudio/nativescript-checkbox | 2.0.6, 2.0.7, 2.0.8, 2.0.9 |
| @nstudio/nativescript-loading-indicator | 5.0.1, 5.0.2, 5.0.3, 5.0.4 |
| @nstudio/ui-collectionview | 5.1.11, 5.1.12, 5.1.13, 5.1.14 |
| @nstudio/web | 20.0.4 |
| @nstudio/web-angular | 20.0.4 |
| @nstudio/xplat | 20.0.5, 20.0.6, 20.0.7 |
| @nstudio/xplat-utils | 20.0.5, 20.0.6, 20.0.7 |
| @operato/board | 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @operato/data-grist | 9.0.29, 9.0.35, 9.0.36, 9.0.37 |
| @operato/graphql | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @operato/headroom | 9.0.2, 9.0.35, 9.0.36, 9.0.37 |
| @operato/help | 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @operato/i18n | 9.0.35, 9.0.36, 9.0.37 |
| @operato/input | 9.0.27, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @operato/layout | 9.0.35, 9.0.36, 9.0.37 |
| @operato/popup | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @operato/pull-to-refresh | 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42 |
| @operato/shell | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39 |
| @operato/styles | 9.0.2, 9.0.35, 9.0.36, 9.0.37 |
| @operato/utils | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @teselagen/bounce-loader | 0.3.16, 0.3.17 |
| @teselagen/liquibase-tools | 0.4.1 |
| @teselagen/range-utils | 0.3.14, 0.3.15 |
| @teselagen/react-list | 0.8.19, 0.8.20 |
| @teselagen/react-table | 6.10.19 |
| @thangved/callback-window | 1.1.4 |
| @things-factory/attachment-base | 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50 |
| @things-factory/auth-base | 9.0.43, 9.0.44, 9.0.45 |
| @things-factory/email-base | 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50, 9.0.51, 9.0.52, 9.0.53, 9.0.54 |
| @things-factory/env | 9.0.42, 9.0.43, 9.0.44, 9.0.45 |
| @things-factory/integration-base | 9.0.43, 9.0.44, 9.0.45 |
| @things-factory/integration-marketplace | 9.0.43, 9.0.44, 9.0.45 |
| @things-factory/shell | 9.0.43, 9.0.44, 9.0.45 |
| @tnf-dev/api | 1.0.8 |
| @tnf-dev/core | 1.0.8 |
| @tnf-dev/js | 1.0.8 |
| @tnf-dev/mui | 1.0.8 |
| @tnf-dev/react | 1.0.8 |
| @ui-ux-gang/devextreme-angular-rpk | 24.1.7 |
| @yoobic/design-system | 6.5.17 |
| @yoobic/jpeg-camera-es6 | 1.0.13 |
| @yoobic/yobi | 8.7.53 |
| airchief | 0.3.1 |
| airpilot | 0.8.8 |
| angulartics2 | 14.1.1, 14.1.2 |
| browser-webdriver-downloader | 3.0.8 |
| capacitor-notificationhandler | 0.0.2, 0.0.3 |
| capacitor-plugin-healthapp | 0.0.2, 0.0.3 |
| capacitor-plugin-ihealth | 1.1.8, 1.1.9 |
| capacitor-plugin-vonage | 1.0.2, 1.0.3 |
| capacitorandroidpermissions | 0.0.4, 0.0.5 |
| config-cordova | 0.8.5 |
| cordova-plugin-voxeet2 | 1.0.24 |
| cordova-voxeet | 1.0.32 |
| create-hest-app | 0.1.9 |
| db-evo | 1.1.4, 1.1.5 |
| devextreme-angular-rpk | 21.2.8 |
| ember-browser-services | 5.0.2, 5.0.3 |
| ember-headless-form | 1.1.2, 1.1.3 |
| ember-headless-form-yup | 1.0.1 |
| ember-headless-table | 2.1.5, 2.1.6 |
| ember-url-hash-polyfill | 1.0.12, 1.0.13 |
| ember-velcro | 2.2.1, 2.2.2 |
| encounter-playground | 0.0.2, 0.0.3, 0.0.4, 0.0.5 |
| eslint-config-crowdstrike | 11.0.2, 11.0.3 |
| eslint-config-crowdstrike-node | 4.0.3, 4.0.4 |
| eslint-config-teselagen | 6.1.7 |
| globalize-rpk | 1.7.4 |
| graphql-sequelize-teselagen | 5.3.8 |
| html-to-base64-image | 1.0.2 |
| json-rules-engine-simplified | 0.2.1 |
| jumpgate | 0.0.2 |
| koa2-swagger-ui | 5.11.1, 5.11.2 |
| mcfly-semantic-release | 1.3.1 |
| mcp-knowledge-base | 0.0.2 |
| mcp-knowledge-graph | 1.2.1 |
| mobioffice-cli | 1.0.3 |
| monorepo-next | 13.0.1, 13.0.2 |
| mstate-angular | 0.4.4 |
| mstate-cli | 0.4.7 |
| mstate-dev-react | 1.1.1 |
| mstate-react | 1.6.5 |
| ng2-file-upload | 7.0.2, 7.0.3, 8.0.1, 8.0.2, 8.0.3, 9.0.1 |
| ngx-bootstrap | 18.1.4, 19.0.3, 19.0.4, 20.0.3, 20.0.4, 20.0.5 |
| ngx-color | 10.0.1, 10.0.2 |
| ngx-toastr | 19.0.1, 19.0.2 |
| ngx-trend | 8.0.1 |
| ngx-ws | 1.1.5, 1.1.6 |
| oradm-to-gql | 35.0.14, 35.0.15 |
| oradm-to-sqlz | 1.1.2 |
| ove-auto-annotate | 0.0.9 |
| pm2-gelf-json | 1.0.4, 1.0.5 |
| printjs-rpk | 1.6.1 |
| react-complaint-image | 0.0.32 |
| react-jsonschema-form-conditionals | 0.3.18 |
| remark-preset-lint-crowdstrike | 4.0.1, 4.0.2 |
| rxnt-authentication | 0.0.3, 0.0.4, 0.0.5, 0.0.6 |
| rxnt-healthchecks-nestjs | 1.0.2, 1.0.3, 1.0.4, 1.0.5 |
| rxnt-kue | 1.0.4, 1.0.5, 1.0.6, 1.0.7 |
| swc-plugin-component-annotate | 1.9.1, 1.9.2 |
| tbssnch | 1.0.2 |
| teselagen-interval-tree | 1.1.2 |
| tg-client-query-builder | 2.14.4, 2.14.5 |
| tg-redbird | 1.3.1 |
| tg-seq-gen | 1.0.9, 1.0.10 |
| thangved-react-grid | 1.0.3 |
| ts-gaussian | 3.0.5, 3.0.6 |
| ts-imports | 1.0.1, 1.0.2 |
| tvi-cli | 0.1.5 |
| ve-bamreader | 0.2.6 |
| ve-editor | 1.0.1 |
| verror-extra | 6.0.1 |
| voip-callkit | 1.0.2, 1.0.3 |
| wdio-web-reporter | 0.1.3 |
| yargs-help-output | 5.0.3 |
| yoo-styles | 6.0.326 |
