Tags: npm, supply chain attack, malware, Shai-Hulud, JavaScript

Another npm Account Hijacked, 314 Packages Poisoned in Under Half an Hour

A compromised npm account infected 314 JavaScript packages — including popular ones like size-sensor and echarts-for-react with millions of monthly downloads — with malware that steals credentials for cloud platforms, GitHub, and npm, and uses GitHub as a command-and-control backdoor. The attack, which unfolded in just 22 minutes, follows the same pattern as a similar incident three weeks ago and is part of an ongoing wave of npm supply chain attacks dubbed "Shai-Hulud." Developers who installed affected versions are advised to rotate all credentials, while npm owner GitHub has said little about the continuing series of incidents.

A compromised npm account managed to push malware to 314 JavaScript packages in a 22-minute window early Tuesday morning. Among the casualties: size-sensor (4.2 million monthly downloads), echarts-for-react (3.8 million), @antv/scale (2.2 million), and timeago.js (1.15 million). If you pulled any of these recently, pay attention.

The account at the centre of it, [email protected], belongs to a developer based in Hangzhou, China. Security researcher Nicholas Carlini flagged the malicious packages on GitHub. The account holder then closed the issues and marked them as resolved within the hour, which effectively buries the warnings unless someone specifically hunts for closed issues. Convenient.

Some of the dodgy package versions have since been deprecated on npm with a bland "published in error" message, while others have been quietly pulled entirely.

SafeDep did the forensic legwork and found that the payload follows exactly the same structure as the one used to hit SAP packages three weeks ago. The malware harvests environment variables, trawls local files for credentials, and specifically goes after tokens and keys for GitHub, npm, AWS, Azure, Google Cloud, Docker, and Stripe. It also tries to break out of containers, because of course it does.

Stolen credentials get exfiltrated to a freshly created GitHub repository. The malware also injects configuration files into other projects sitting on the developer's machine, targeting Claude Code and Codex for execution. GitHub itself gets abused as a command-and-control channel via malicious repositories that pull down and run Python code remotely.

According to SafeDep, the whole wave was automated using a single stolen token. One compromised credential, 314 infected packages, millions of potential downstream victims.

Anyone who installed affected versions should rotate every credential their build environment could have touched, audit GitHub for repositories they didn't create, and on Linux, check for rogue systemd services. Maintainers are especially exposed since the malware can use their own tokens to publish further poisoned packages.
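As an added illustration of two of the checks above (this is not code from the article or from SafeDep), the following Python script reports which of the packages named in this piece a project's package-lock.json pins, and which environment variables in the build environment look like credentials for the services the payload is reported to harvest. The environment-variable names are assumed common conventions, not indicators taken from the incident, and the sample lockfile and versions are constructed.

```python
import json
import re

# Packages the article names as compromised. The page gives no version list,
# so every installed version is reported for checking against npm's deprecations.
AFFECTED_PACKAGES = {"size-sensor", "echarts-for-react", "@antv/scale", "timeago.js"}

# Assumed (common, not from the article) env-var names for the credential types
# the payload targets; extend the patterns to match your own environment.
CREDENTIAL_PATTERNS = {
    "GitHub": re.compile(r"^(GITHUB|GH)_\w*TOKEN$"),
    "npm": re.compile(r"^(NPM_TOKEN|NODE_AUTH_TOKEN)$"),
    "AWS": re.compile(r"^AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN)$"),
    "Azure": re.compile(r"^AZURE_\w*(SECRET|KEY|TOKEN)$"),
    "Google Cloud": re.compile(r"^(GOOGLE_APPLICATION_CREDENTIALS|GCP_\w*(KEY|TOKEN))$"),
    "Docker": re.compile(r"^DOCKER_\w*(PASSWORD|TOKEN)$"),
    "Stripe": re.compile(r"^STRIPE_\w*KEY$"),
}

def find_affected_packages(lockfile_text):
    """Return {package: [versions]} for AFFECTED_PACKAGES found in a package-lock.json.
    Handles lockfileVersion 2/3 ("packages", keyed by node_modules path, so nested
    copies are seen too) and lockfileVersion 1 ("dependencies", keyed by name)."""
    lock = json.loads(lockfile_text)
    found = {}
    for path, meta in lock.get("packages", {}).items():
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if name in AFFECTED_PACKAGES:
            found.setdefault(name, set()).add(meta.get("version", "?"))
    for name, meta in lock.get("dependencies", {}).items():
        if name in AFFECTED_PACKAGES:
            found.setdefault(name, set()).add(meta.get("version", "?"))
    return {n: sorted(v) for n, v in found.items()}

def credentials_to_rotate(environ):
    """Return {service: [env var names]} for variables matching CREDENTIAL_PATTERNS.
    Only names are reported; values are never read or printed."""
    hits = {}
    for var in environ:
        for service, pattern in CREDENTIAL_PATTERNS.items():
            if pattern.match(var):
                hits.setdefault(service, []).append(var)
    return {s: sorted(v) for s, v in hits.items()}

# Constructed sample inputs (versions are placeholders, not the poisoned releases).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/echarts-for-react": {"version": "1.2.3"},
    "node_modules/echarts-for-react/node_modules/size-sensor": {"version": "1.2.4"},
    "node_modules/size-sensor": {"version": "1.2.3"},
    "node_modules/left-pad": {"version": "1.3.0"}}})
SAMPLE_ENV = {"PATH": "/usr/bin", "HOME": "/home/dev", "GITHUB_TOKEN": "x",
              "AWS_SECRET_ACCESS_KEY": "x", "STRIPE_SECRET_KEY": "x"}

if __name__ == "__main__":
    print("affected packages pinned:", find_affected_packages(SAMPLE_LOCK))
    print("credentials to rotate:", credentials_to_rotate(SAMPLE_ENV))
```

For a real audit, pass the contents of the project's package-lock.json and `os.environ` instead of the constructed samples.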

This is the second Shai-Hulud incident in as many days. PyPI and RubyGems have seen their share of malicious uploads too, but npm keeps taking the worst of it. GitHub, which owns npm, has said very little publicly about the ongoing campaign.

Back in September last year, GitHub posted a plan to shore up npm's supply chain security in response to what now looks like the opening stages of Shai-Hulud. Whatever steps were taken clearly haven't been enough.