In September 2025, the JavaScript community experienced a watershed moment: the Shai-Hulud worm swept through npm, infecting over 100 popular packages. This attack was not just another instance of malware; it marked the first time a self-propagating worm leveraged modern development tooling to compromise the open-source supply chain at scale.
Understanding Shai-Hulud’s Attack Mechanism
Once a compromised npm package was installed, a post-install script ran and used TruffleHog to scan the host for secrets such as cloud credentials and environment variables. If a GitHub token was found, the worm escalated its tactics:
- Creating a public GitHub repository named Shai-Hulud to upload harvested secrets
- Pushing new GitHub Actions workflows to exfiltrate further credentials via webhooks
- Migrating private organizational repositories to public, often appending a "-migration" suffix and labeling them as "Shai-Hulud Migration"
When npm tokens were discovered, the worm used them to publish new malicious versions of every package those tokens could access, which is how it spread to additional libraries so rapidly. This approach mirrored classic computer worms, with the twist that the propagation medium was today's development infrastructure rather than the network.
Technical Dissection: How the Worm Operated
Shai-Hulud deployed two main scripts. The workflow script automated branch creation and GitHub Actions workflow triggers for exfiltration, while the migration script cloned private repositories and republished them as public ones. Temporary directories (such as /tmp/github-migration) staged these operations. Some payloads even appeared to be AI-generated, a sign of increasingly sophisticated attack tooling.
Scope of the Compromise
The worm exposed secrets from at least 36 GitHub users, forcibly migrated eight private repositories, and tainted over 64 more with malicious branches. Attackers managed to leak GitHub tokens, npm credentials, and API keys for services like Atlassian and Datadog. Although the attacker's exfiltration webhook was eventually shut down, sensitive data lingered in public workflow logs, compounding the risk.
This widespread infection was traced back to the earlier s1ngularity compromise of the Nx ecosystem, where stolen GitHub tokens enabled the initial wave of npm package poisoning. While immediate containment measures had a partial effect, the attack underscored the far-reaching consequences of modern supply chain vulnerabilities.
Essential Response Steps
- Remove malicious packages: Delete affected node_modules directories, clear npm caches, and upgrade only to verified package versions.
- Audit for compromise: Search for new repositories named "Shai-Hulud" or carrying the "-migration" suffix, and review GitHub audit logs for unfamiliar API activity.
- Monitor developer environments: Watch for unexplained API calls and suspicious child processes in CI/CD pipelines.
- Rotate all credentials: Immediately revoke and regenerate any exposed GitHub, npm, or API keys.
How Wiz Supports Organizations
Wiz offers actionable insights to help customers detect and respond to threats like Shai-Hulud. Their platform includes tailored queries to identify malware-laden packages, YARA-based file detection, and threat detection rules for suspicious behaviors. Wiz’s SBOM capabilities also enable rapid identification of affected components within large environments.
Staying Ahead of Self-Propagating Threats
The Shai-Hulud worm illustrates that npm supply chain attacks have evolved to become self-propagating, greatly increasing both their reach and impact. To defend against this new wave of threats, organizations must prioritize rapid auditing, remediation, and ongoing monitoring while fostering collaboration across the security community. Proactive credential rotation and transparent incident response will be essential as the ecosystem adapts to this new reality.
Shai-Hulud: The First Self-Propagating npm Supply Chain Worm