CISA, GitHub take action after massive NPM supply chain compromise


After a massive supply-chain compromise of over 500 NPM packages, the US cybersecurity watchdog has released an alert urging organizations to check for potential malicious leftovers and compromised credentials. GitHub is enforcing stricter authentication for publishing packages.

A self-replicating worm, publicly dubbed Shai-Hulud, has been contained. It recently compromised over 500 widely used NPM packages.

The US Cybersecurity and Infrastructure Security Agency (CISA) is urging developers to detect all the affected packages, immediately delete all developer credentials, and implement other recommendations to remediate the compromise.


The alert contains eight recommendations in total:

  • Conduct a dependency review of all software leveraging the npm package ecosystem. Organizations are urged to check “package-lock.json” or “yarn.lock” files to identify affected packages, including those nested in dependency trees
  • Search for cached versions of affected dependencies in artifact repositories and dependency management tools
  • Pin npm package dependency versions to known safe releases produced prior to September 16th, 2025
  • Immediately rotate all developer credentials
  • Mandate phishing-resistant multifactor authentication (MFA) on all developer accounts, especially for critical platforms like GitHub and NPM
  • Monitor for anomalous network behavior. CISA suggests blocking outbound connections to “webhook.site” domains, which the worm used for exfiltration, and monitoring firewall logs for connections to suspicious domains
  • Harden GitHub security by removing unnecessary GitHub Apps and OAuth applications, and auditing repository webhooks and secrets
  • Enable branch protection rules, GitHub Secret Scanning alerts, and Dependabot security updates
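The dependency-review and pinning steps above, as an added example that is not part of the CISA alert or of any npm or Yarn tooling. The script walks an npm package-lock.json (v1, v2 or v3) or a yarn.lock v1 file, including nested transitive entries, and reports installed versions that appear in a compromised-version list. The COMPROMISED table and both lockfiles below are constructed placeholders; in practice, load the package list published in the CISA and GitHub advisories.

```python
import json

# Constructed placeholder advisory data for this example: package -> compromised versions.
# These are NOT the real Shai-Hulud package names; substitute the published IoC list.
COMPROMISED = {
    "example-widget": {"1.4.2", "1.4.3"},
    "@example/cli-tools": {"3.0.1"},
}


def _walk_v1(deps, prefix=""):
    """Recurse through a lockfile-v1 'dependencies' tree, yielding (name, version, path)."""
    for name, meta in deps.items():
        path = f"{prefix}node_modules/{name}"
        yield name, meta.get("version"), path
        yield from _walk_v1(meta.get("dependencies", {}), path + "/")


def parse_package_lock(text):
    """Yield (name, version, install_path) from an npm package-lock.json.

    v2/v3 lockfiles carry a "packages" map keyed by install path, e.g.
    "node_modules/a/node_modules/b"; nested keys are transitive dependencies.
    v1 lockfiles nest a "dependencies" tree instead.
    """
    data = json.loads(text)
    if "packages" in data:
        for path, meta in data["packages"].items():
            if not path:  # "" is the root project itself
                continue
            name = path.rsplit("node_modules/", 1)[-1]  # keeps "@scope/pkg" intact
            yield name, meta.get("version"), path
    else:
        yield from _walk_v1(data.get("dependencies", {}))


def parse_yarn_lock(text):
    """Yield (name, version, header) from a yarn.lock v1 file.

    Entries look like:
        "@scope/pkg@^1.0.0", "@scope/pkg@^1.2.0":
          version "1.2.3"
    """
    name = None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            first = line.rstrip()[:-1].split(",")[0].strip().strip('"')
            name = first[: first.rfind("@")]  # rfind keeps the @scope/ prefix
        elif name and line.strip().startswith("version "):
            version = line.strip().split(" ", 1)[1].strip('"')
            yield name, version, name
            name = None


def scan(entries, compromised=COMPROMISED):
    """Split lockfile entries into known-compromised versions and other versions
    of listed packages that still deserve a manual look (pin to a pre-Sept-16 release)."""
    report = {"compromised": [], "review": []}
    for name, version, path in entries:
        if name not in compromised:
            continue
        bucket = "compromised" if version in compromised[name] else "review"
        report[bucket].append((name, version, path))
    return report


# Constructed sample lockfiles for the demo (not from any real project).
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/left-pad-ish": {"version": "2.0.0"},
        "node_modules/example-widget": {"version": "1.3.9"},
        "node_modules/some-framework": {"version": "5.1.0"},
        "node_modules/some-framework/node_modules/example-widget": {"version": "1.4.2"},
        "node_modules/@example/cli-tools": {"version": "3.0.1"},
    },
})

SAMPLE_YARN_LOCK = '''# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@example/cli-tools@^3.0.0":
  version "3.0.1"
  resolved "https://registry.yarnpkg.com/@example/cli-tools/-/cli-tools-3.0.1.tgz"

example-widget@^1.4.0, example-widget@~1.4.1:
  version "1.4.3"
  resolved "https://registry.yarnpkg.com/example-widget/-/example-widget-1.4.3.tgz"
'''

if __name__ == "__main__":
    for label, entries in (("package-lock.json", parse_package_lock(SAMPLE_PACKAGE_LOCK)),
                           ("yarn.lock", parse_yarn_lock(SAMPLE_YARN_LOCK))):
        result = scan(entries)
        print(label, "compromised:", result["compromised"])
        print(label, "review:", result["review"])
```

The nested match under node_modules/some-framework is the case CISA's wording about "dependency trees" is aimed at: a top-level entry can be clean while a transitive copy of the same package is the trojanized version, so checking only direct dependencies in package.json is not enough. Also search CI caches and internal artifact mirrors with the same list, since a cached tarball will reinstall the bad version even after the registry pulls it.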

The alert also briefly explains how the threat actor managed to spread the malware so widely.

The worm automatically scanned the infected environments for sensitive credentials, especially GitHub Personal Access Tokens and application programming interface (API) keys for cloud services, such as AWS (Amazon Web Services), Google Cloud Platform, or Microsoft Azure.

The malware would then exfiltrate the detected secrets to an attacker-controlled endpoint and upload the credentials to a public repository named “Shai-Hulud” in the victim's GitHub account.

The worm then used the stolen tokens to authenticate to the NPM registry as the compromised developer and spread: it injected its code into other packages that developer could publish, pushed the trojanized versions, waited for someone else to install them, and repeated the process.

Some of the compromised packages are downloaded millions of times per week.
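CISA's network-monitoring recommendation, applied to the exfiltration behaviour just described, as an added example that is not part of the alert or of any vendor tooling. The script parses egress-proxy log lines and flags connections to webhook.site or any of its subdomains, using a label-aware suffix match so that look-alike hosts such as mywebhook.site or webhook.site.example.com are not mistaken for the exfiltration domain; it then lists the source hosts whose developer credentials should be treated as exposed. The log format and every line in SAMPLE_PROXY_LOG are constructed for this example.

```python
import re

# Constructed sample egress-proxy log (not real traffic):
# <timestamp> <source-ip> <method> <host[:port]> <status>
SAMPLE_PROXY_LOG = """\
2025-09-16T14:02:11Z 10.0.5.23 CONNECT registry.npmjs.org:443 200
2025-09-16T14:02:13Z 10.0.5.23 CONNECT webhook.site:443 200
2025-09-16T14:02:14Z 10.0.5.23 CONNECT api.github.com:443 200
2025-09-16T14:03:40Z 10.0.7.8 CONNECT webhook.site.example.com:443 200
2025-09-16T14:03:41Z 10.0.7.8 CONNECT mywebhook.site:443 200
2025-09-16T14:05:02Z 10.0.9.41 CONNECT abc123.webhook.site:443 200
this line is not in the expected format
"""

# webhook.site comes from the CISA alert; extend with your own indicator list.
BLOCKED_DOMAINS = {"webhook.site"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<host>[^:\s]+)(?::(?P<port>\d+))? (?P<status>\d+)$"
)


def host_matches(host, blocked=BLOCKED_DOMAINS):
    """True if host equals a blocked domain or is a subdomain of one.

    The check is on whole DNS labels: 'mywebhook.site' does not end with
    '.webhook.site', and 'webhook.site.example.com' is a different registrable
    domain, so a naive substring search would produce false positives here.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked)


def find_exfil_attempts(log_text, blocked=BLOCKED_DOMAINS):
    """Return (timestamp, source, host) for every log line that reached a blocked domain.
    Lines that do not match the expected format are skipped rather than failing the run."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and host_matches(m["host"], blocked):
            hits.append((m["ts"], m["src"], m["host"]))
    return hits


def sources_to_triage(hits):
    """Source hosts that talked to the exfiltration domain; their developer
    credentials (npm tokens, GitHub PATs, cloud keys) should be rotated."""
    return sorted({src for _, src, _ in hits})


if __name__ == "__main__":
    hits = find_exfil_attempts(SAMPLE_PROXY_LOG)
    for ts, src, host in hits:
        print(f"{ts} {src} -> {host}")
    print("rotate credentials on:", sources_to_triage(hits))
```

The same suffix rule is what an egress block should implement: blocking the literal string "webhook.site" in a proxy ACL without covering subdomains leaves the per-user `<id>.webhook.site` endpoints reachable, while a substring rule blocks unrelated domains.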


GitHub enforces stricter authentication

Due to this attack, GitHub announced urgent measures to strengthen NPM’s security with stricter authentication, permission controls, and enhanced trusted publishing.

“By combining self-replication with the capability to steal multiple types of secrets (and not just NPM tokens), this worm could have enabled an endless stream of attacks had it not been for timely action from GitHub and open source maintainers,” GitHub explains in its advisory.

GitHub said it has removed over 500 compromised packages to prevent the worm's further propagation, and that NPM continues to block uploads of new packages containing the malware.

To address any potential future token abuse, GitHub announced changes in authentication and publishing options:

  • Two-factor authentication (2FA) will be required for local publishing.
  • The lifetime of granular access tokens will be limited to seven days.
  • A shift to trusted publishing, an authentication method that replaces long-lived API keys or passwords with short-lived identity tokens.

GitHub also says that the NPM ecosystem is deprecating legacy classic tokens and time-based one-time passwords for 2FA and migrating users to FIDO-based authentication.

Tokens with publishing permission will have a short expiration, and publishing access will be set by default to disallow tokens, encouraging developers to choose trusted methods.

GitHub also promises to expand eligible providers for trusted publishing.

“We recognize that some of the security changes we are making may require updates to your workflows. We are going to roll these changes out gradually to ensure we minimize disruption while strengthening the security posture of NPM,” the advisory reads.


GitHub urges NPM package maintainers to switch to NPM trusted publishing now, to strengthen publishing settings on accounts, organizations, and packages so that 2FA is required for any write and publish action, and to use WebAuthn passwordless logins (passkeys) instead of one-time passwords.

Ruby Central, which manages repositories and tools for the Ruby programming language, has also announced tightened controls. It is temporarily restricting administrative access to its employees only while working towards a more formal community governance structure.
