View all Posts

The Business Cost of the Shai-Hulud npm Attack

In November 2025, a sophisticated malware campaign known as Shai-Hulud V2 infiltrated the npm software ecosystem, the backbone of modern web and mobile applications. Within hours, it had compromised more than 700 npm packages, created over 27,000 malicious GitHub repositories, and exfiltrated an estimated 14,000 secrets across 487 organizations.

This was not just a surface breach. It directly targeted cloud credentials, CI/CD pipelines, and developer workstations, with the potential to trigger massive cloud bills, data theft, or operational shutdowns. And it followed a similar attack just two months earlier (Shai-Hulud V1), which compromised over 200 packages and 500 versions in September 2025.

For business leaders, the message is clear. Software supply chain risk is now a top-tier enterprise risk, carrying financial, operational, legal, and reputational consequences on par with ransomware or phishing, just far less visible.

What Happened? A Timeline of the Attack

The Shai-Hulud saga unfolded in two waves.

The first wave (September 2025) began when researchers at ReversingLabs discovered that widely used npm packages such as @ctrl/tinycolor and ngx-bootstrap, with millions of weekly downloads, had been backdoored with malicious code. The worm stole credentials and automatically republished infected versions of every package owned by the compromised maintainer, creating a chain reaction across the ecosystem.

The second wave (November 24, 2025) was far more dangerous. Dubbed “The Second Coming” by its operators, Shai-Hulud V2 introduced critical upgrades: it executed before package installation completed, used the Bun runtime to evade detection, exfiltrated data via public GitHub repositories (blending in with normal traffic), and deployed persistent backdoors using self-hosted GitHub Actions runners.

According to Datadog, the attack likely originated from a malicious commit in the asyncapi/cli GitHub repository, possibly exploiting a CI/CD pipeline vulnerability. From there, it spread autonomously, turning legitimate vendors into unwitting distributors of malware.

How This Affects Your Business

Direct Financial Exposure

Shai-Hulud V2 didn’t just steal GitHub tokens. It harvested AWS, Azure, and Google Cloud credentials from environment variables, metadata services, and even cloud secret stores like AWS Secrets Manager. In the hands of attackers, these credentials can be used for:

  • Cryptojacking: Spinning up thousands of compute instances.
  • Data exfiltration: Stealing customer databases or intellectual property.
  • Billing attacks: Generating massive cloud egress fees (e.g., $100K+ in hours).

While the global average cost of a data breach declined slightly to $4.44 million in 2025, the cost in the U.S. alone remains over $10 million. For mid-sized firms, incident response, legal fees, and system rebuilds can easily exceed $500,000–$2 million.

Operational Disruption

When Shai-Hulud V2 struck on November 24, 2025, affected organizations—including companies like Zapier, Postman, and ENS Domains—were forced to take immediate defensive action. According to Datadog, these companies had to halt all CI/CD pipelines, revoke every npm token, GitHub PAT, and cloud credential, and conduct full audits of their software dependencies to ensure no backdoored packages remained in use.

This response triggered significant operational slowdowns. The disruption was also not just limited to external products. Internal tools and dashboards, which often rely on the same npm dependencies as production systems, were also considered compromised and required remediation.

This illustrates a critical blind spot: 98.7% of websites use JavaScript, and the vast majority rely on npm dependencies, often through deep transitive chains. Even if your product isn’t software, your internal tools likely are, and they can be vulnerable.

Reputational and Legal Risk

If your company publishes npm packages (even for internal use), you could inadvertently distribute malware to partners or customers. This isn’t just a technical failure, it’s a breach of trust that can trigger contractual penalties, violate data protection laws (e.g., GDPR), and attract regulatory scrutiny.

New regulations now codify this risk. The U.S. Executive Order 14028 mandates that federal software vendors provide a Software Bill of Materials (SBOM), a complete inventory of open-source components. Similarly, the EU Cyber Resilience Act (CRA), effective in 2026–2027, requires manufacturers of “products with digital elements” to maintain SBOMs in machine-readable formats and ensure foundational security by design.

Why Traditional Security Tools Failed

Shai-Hulud bypassed conventional defenses because it didn’t behave like traditional malware:

  • It entered via trusted code repositories, not phishing emails
  • It used GitHub’s own API for exfiltration, appearing as normal developer traffic
  • It leveraged overprivileged automation tokens that many CI/CD systems still use by default

Most Software Composition Analysis (SCA) tools scan for known vulnerabilities, not behavioral malware like self-replicating worms. And perimeter firewalls couldn’t stop data leaving via github.com.

Strategic Recommendations for Businesses

Treat Open-Source Dependencies as Third-Party Vendors

While maintaining a complete SBOM for every application may be impractical for many businesses, particularly those without dedicated security or compliance teams, it’s still valuable to identify and inventory high-risk dependencies. Focus first on applications that handle sensitive data, interact with cloud infrastructure, or are exposed to external users. For these systems, even a partial SBOM or a simple list of direct npm dependencies can dramatically speed up response during an incident like Shai-Hulud. Rather than treating open-source code as “free and risk-free,” approach widely used libraries with the same caution you’d apply to a SaaS vendor. Understand what they do, how they’re maintained, and what access they require.

Enforce Least Privilege for All Automation

Automation is essential for speed, but it becomes dangerous when systems operate with excessive permissions. Mandate that all CI/CD pipelines, deployment scripts, and publishing workflows use short-lived, narrowly scoped credentials, never long-lived admin tokens. Where possible, replace static tokens with identity federation standards like OIDC, which allow cloud platforms (e.g., AWS, Github) to issue temporary credentials based on verified pipeline identity. This approach ensures that even if a pipeline is compromised, the attacker’s access window is limited, and lateral movement is far more difficult.

Isolate and Monitor Build Environments

Build and deployment environments should be treated as high-risk zones. They often contain powerful credentials yet are rarely monitored as closely as production systems. To reduce exposure, restrict internet access from build pipelines, especially outbound connections to public package registries. Instead, use a private npm proxy or mirror (such as Verdaccio or JFrog) that caches approved versions and can block known-malicious packages before they reach developers. Additionally, implement basic runtime monitoring to flag unusual activity, such as a sudden spike in npm publish events from a single account or unexpected GitHub API calls to create repositories.

Conduct a “Supply Chain Fire Drill”

Many companies test their response to ransomware or data breaches, but few consider a compromised open-source dependency. Run a lightweight tabletop exercise: imagine one of your key JavaScript libraries is backdoored tomorrow. Could your team quickly identify which systems are affected? Revoke relevant tokens? Rebuild and redeploy without the compromised version? You don’t need a full incident playbook to start, just a clear owner, a dependency inventory for critical apps, and a communication plan. Testing this scenario even once a year can reveal gaps before a real attack occurs.

Partner with Vendors Who Prioritize Supply Chain Security

When evaluating software providers, especially those offering developer tools, CI/CD platforms, or cloud services, it’s reasonable to ask how they protect their own supply chain. Simple questions like “Do you use private package registries?”, “How do you manage publishing tokens?”, or “Can you share a list of major open-source dependencies?” can reveal a lot about a vendor’s maturity. You don’t need them to be SLSA-certified or OpenSSF-compliant, but a vendor that can thoughtfully answer these questions is likely more resilient than one that treats supply chain risk as “someone else’s problem.” In an ecosystem where one compromised library can affect hundreds of downstream users, vendor hygiene is a form of shared defense.

The Bottom Line

Shai-Hulud demonstrates that software supply chain attacks can directly impact revenue, compliance, brand trust, and executive liability. In a world where code is assembled from thousands of open-source components, security starts upstream, and business leaders need to own that risk.

The next worm may not just steal data, it may shut down your product, inflate your cloud bill, or trigger a regulatory investigation. The time to act is now, not after the next attack.

Related Posts

View all