NPM Attacks in 2025: Escalating Supply Chain Threats in the JavaScript Ecosystem
The Node Package Manager (npm) registry faced a series of supply chain attacks throughout 2025 that escalated well beyond the typosquatting and one-off package hijacks of earlier years. These incidents exposed weaknesses in maintainer account security, credential management and install-time lifecycle scripts, compromising hundreds of packages whose combined download volume runs to billions per week. Phishing-driven account takeovers and, later, self-propagating worms showed how much of the JavaScript ecosystem rests on a small number of maintainer accounts, and why layered defenses rather than trust in the registry alone are needed.
The September 2025 Compromise: A Watershed Event
On September 8, 2025, attackers ran a targeted phishing campaign against prominent npm maintainers. Using a look-alike domain (npmjs.help) registered days earlier, they impersonated npm support and demanded an urgent two-factor authentication (2FA) credential update. The phishing page captured the password together with the one-time code, so TOTP-based 2FA did not stop the account takeover; among the compromised accounts was that of the developer known as Qix, who maintains many of the packages named below.
Within hours, malicious versions of 18 widely used packages were published, including chalk, debug, ansi-styles, strip-ansi and supports-color, libraries that together see more than 2.6 billion downloads per week. The injected code was obfuscated JavaScript that activated only in browser environments: it hooked fetch, XMLHttpRequest and wallet interfaces such as window.ethereum and silently rewrote destination addresses in cryptocurrency transactions to attacker-controlled look-alike addresses, a crypto-clipper rather than a classic wallet drainer that signs transactions on its own.
The malicious versions were live for only about two hours before they were detected and removed, but the incident showed how quickly a compromise of a few transitive dependencies propagates: any build that resolved a fresh version during that window pulled the payload into developer environments and end-user bundles. Because the payload targeted browser wallets, the realistic impact was financial loss for users of affected web applications rather than compromise of the servers that built them.
Emergence of the Shai-Hulud Worm
The September incident was followed by a more dangerous self-propagating campaign, Shai-Hulud, named after the sandworms in Dune. First identified around September 15, 2025, it was the first widely documented worm in the npm ecosystem: it used credentials stolen from each victim to publish itself into further packages.
Compromised packages executed a postinstall script that:
- Harvested sensitive credentials from the installing machine, including npm tokens, GitHub personal access tokens (PATs) and cloud provider credentials (AWS, GCP, Azure).
- Downloaded and ran TruffleHog to scan the filesystem and environment for further secrets instead of shipping its own scanner.
- Exfiltrated the harvested data to public GitHub repositories created with the stolen GitHub tokens in the victim's own account (named Shai-Hulud), and in some cases pushed a GitHub Actions workflow into the victim's repositories to leak CI secrets as well.
- Used the stolen npm token to enumerate other packages the compromised maintainer could publish to, injected the same postinstall payload into them and republished, spreading further without any action by the operators.
Over 500 packages were ultimately affected, with researchers tracking cascading compromises across ecosystems like Angular and NativeScript. The worm’s automation allowed exponential spread without direct actor intervention, amplifying risks in CI/CD pipelines and developer machines.
Shai-Hulud 2.0: The Second Wave in November
A renewed and more aggressive campaign, dubbed Shai-Hulud 2.0 or “The Second Coming”, emerged between November 21 and 23, 2025. This wave compromised hundreds of additional packages, including ones published by major projects such as Zapier, ENS Domains, PostHog, Postman and AsyncAPI.
Key advancements included:
- Payload execution from a preinstall script rather than postinstall, so it ran earlier in installation and in more build and runtime environments; the preinstall step fetched a Bun runtime and used it to run the main payload, sidestepping tooling that only watches the Node process.
- Persistence through GitHub Actions workflows injected into the victim's repositories and through additional backdoors, so that revoking the npm token alone was not enough to evict the attacker.
- Exfiltration of stolen secrets into public GitHub repositories created under the victims' accounts; researchers counted more than 25,000 such repositories, each holding credentials that anyone could read until GitHub took them down.
- In some variants, a dead man's switch: if the payload could neither publish to npm nor reach GitHub, it destroyed data on the host (for example by deleting files on Windows systems) instead of spreading.
This iteration affected packages with hundreds of millions of monthly downloads, and CISA and other organizations published alerts urging anyone who had installed an affected version to rotate every credential present on the machine.
Key Techniques and Trends in 2025 Attacks
These attacks shared common patterns:
- Initial Access: Targeted phishing against maintainers, exploiting urgency and fake support domains; stolen tokens harvested by a worm then served as initial access to the next maintainer.
- Payload Delivery: Malicious lifecycle scripts (preinstall/postinstall) declared in package.json, which npm runs automatically, with the installing user's privileges, during npm install.
- Propagation: Credential theft enabling automated publishing of trojanized versions of every package the stolen token could write to.
- Impact: Data exfiltration, persistence in CI and source repositories, and potential runtime compromise, though most payloads targeted developer machines and build pipelines rather than production servers.
Trends observed in 2025 included a shift toward worm-like self-replication, an increased focus on cryptocurrency theft, and abuse of long-lived classic npm tokens in the window before npm revoked them and enforced granular tokens and 2FA for publishing.
Mitigation Strategies and Best Practices
Organizations and developers can reduce exposure through layered defenses:
- Pin dependencies to known-good versions and install from the lockfile (package-lock.json or yarn.lock) with npm ci rather than npm install, so that the integrity hash recorded in the lockfile is checked against the downloaded tarball. Exact specifiers in package.json alone do not help once a compromised version has been committed to the lockfile, so combine pinning with a cooldown.
- Apply a dependency cooldown: do not adopt a version until it has been on the registry for several days, since every 2025 campaign was detected and pulled within hours to days. npm's --before flag (npm install --before=<date>) resolves only versions published before the given date, pnpm's minimumReleaseAge setting enforces the same at install time, and update bots such as Renovate can be configured to wait before opening a bump.
- Enable phishing-resistant MFA (hardware keys or passkeys, not TOTP codes, which the September phishing page simply relayed) on npm, GitHub, and cloud accounts.
- Adopt npm trusted publishing (OIDC): CI authenticates to npm with a short-lived identity token from the CI provider, so no long-lived publish token sits in repository secrets for a worm to steal, and each release carries a provenance attestation linking it to the source repository and workflow.
- Use provenance verification (npm audit signatures checks registry signatures and provenance attestations) and supply chain scanners such as Socket or Snyk that flag newly added install scripts, obfuscated code and maintainer changes. Note that npm audit by itself only reports known vulnerabilities from the advisory database; a freshly published malicious version is not in it yet.
- Rotate credentials immediately if compromise is suspected, treating every npm, GitHub and cloud token that was present on an affected machine or CI runner as exposed, and monitor for unexpected package publishes, new GitHub Actions workflows and unusual outbound connections from build hosts.
- Block lifecycle scripts where possible (ignore-scripts=true in .npmrc, or npm ci --ignore-scripts in CI, with an explicit allowlist for the few packages that genuinely need a build step) or use a package manager with stricter defaults, such as pnpm 10, which does not run dependency lifecycle scripts unless the package is listed in onlyBuiltDependencies.
Registry-side changes, including granular access tokens with limited lifetimes, the revocation of classic tokens, mandatory 2FA for local publishing and GitHub's enhanced monitoring, have begun to address the systemic weaknesses.
Conclusion
The npm attacks of 2025 marked a turning point for JavaScript supply chain security, exposing how much trust the ecosystem places in individual maintainer accounts and in code that runs at install time. With self-propagating worms able to turn one phished account into hundreds of compromised packages within days, the ecosystem demands proactive hardening. By prioritizing credential hygiene, deterministic installs with scripts disabled by default, and real-time monitoring of publishes and build hosts, developers and security teams can contain these threats and build greater resilience into open-source workflows.