
Following massive supply chain attacks, NPM has forced a platform-wide token reset – all tokens bypassing 2FA must be updated. However, it doesn’t solve the underlying problem.
Attackers with Mini Shai Hulud malware published over 1,000 compromised NPM packages in over a week, used by millions of developers. It has spread to other platforms. Even GitHub itself, the owner of NPM, just got compromised in a supply chain attack, but it’s unclear whether the hack is related to Shai Hulud.
NPM’s response? A platform-wide credential reset.
“To prevent supply chain attacks following the pattern of Mini Shai Hulud, we invalidated npm granular access tokens with write access that bypass 2FA. Update the stored token and rerun the workflow for your automations,” NPM said in a post on X.
Shai Hulud is a self-propagating worm that steals npm tokens and uses them to autonomously publish new poisoned packages without any human involvement.
Last year, in response to the attacks, NPM retired classic tokens, keys that gave full access with no expiry. Granular tokens with specified permissions were hardened to expire after a maximum of 90 days, and they are created with two-factor authentication (2FA) enforced by default.
However, automated (CI/CD) workflows still mostly rely on tokens that bypass 2FA – NPM provides an option to issue such tokens to developers.
Forcing a platform-wide token reset will invalidate the tokens that attackers might have already stolen, but it is unlikely to stop the attacks – it’s a one-time band-aid solution. The malware is still there, stealing new tokens.
Therefore, NPM urges developers to migrate to “Trusted Publishing,” which reduces reliance on tokens. Trusted Publishing uses the open standard OpenID Connect (OIDC) to let a trusted platform, in most cases GitHub, the world’s largest code repository host, automatically issue a short-lived proof of identity when a new package version is published.
However, this doesn’t protect open source projects from cyberattacks when developer accounts are compromised or automated workflows are hijacked. The same threat actors behind Shai Hulud abused OIDC Trusted Publishing to release malicious TanStack packages after they injected malicious code into the CI/CD workflow.
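As an added illustration, not code from the article or from NPM or GitHub, the two GitHub Actions workflow fragments below contrast the stored-token publish step that the article says most CI/CD pipelines still use with a Trusted Publishing step. The workflow names, trigger, environment name and package steps are assumptions; `id-token: write` is the GitHub Actions permission that lets a job request an OIDC identity token, and a recent npm CLI uses that token for `npm publish` when no registry token is configured. The package must first be linked to this repository and workflow file in its npmjs.com settings.

```yaml
# Added example, not from the article. Two separate workflow files are shown
# back to back for comparison; names, trigger and steps are assumptions.

# --- Weak: long-lived granular token that bypasses 2FA, stored as a secret ---
# Anything that can read NPM_TOKEN (a token-stealing worm on a developer
# machine, or a hijacked workflow step) can publish until the token is revoked,
# which is what the platform-wide reset did, once.
name: publish-with-token
on:
  push:
    tags: ['v*']
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # static credential, no 2FA

---
# --- Corrected: Trusted Publishing over OIDC, no stored npm token at all ---
# The job asks GitHub for a short-lived OIDC token asserting "this repository,
# this workflow file, this ref"; npm accepts it only for packages linked to
# exactly that repository and workflow.
name: publish-trusted
on:
  push:
    tags: ['v*']
permissions:
  contents: read
  id-token: write        # lets the job mint an OIDC token; grant nothing else
jobs:
  publish:
    runs-on: ubuntu-latest
    environment: npm-release   # assumed name; lets required reviewers gate the job
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: 'https://registry.npmjs.org'
      - run: npm install -g npm@latest   # Trusted Publishing needs a recent npm CLI
      - run: npm ci
      - run: npm publish --provenance    # no NODE_AUTH_TOKEN: the OIDC token is used
```

The second workflow removes the credential that the worm harvests, but it moves the root of trust to the repository and the workflow file itself, which is the weakness the TanStack incident exploited: whoever can edit that file can publish. Branch protection and code-owner review on `.github/workflows/`, an environment with required reviewers, and pinning third-party actions to commit SHAs rather than tags are the controls that address that remaining path.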
What is Mini Shai Hulud?
Mini Shai Hulud is an ongoing npm supply chain worm, a variant of the original Shai Hulud malware, that spreads automatically and harvests npm tokens, other credentials, and other data from compromised machines.
It was used to poison over 600 NPM packages this week: Alibaba’s widely used open-source data visualization ecosystem, @antv, as well as many popular standalone packages such as jest-canvas-mock (2.4 million weekly downloads), jest-date-mock (381,400 weekly downloads), echarts-for-react (890,000 weekly downloads), and others.
The previous week, the worm injected malware into widely used TanStack, Mistral AI, and other packages.
Security researchers attributed the malware to TeamPCP, a financially motivated threat group that rose to prominence in late 2025. The hackers open-sourced the malware and invited other threat groups to participate in a contest to see who could cause the most damage with it.