The Shai-Hulud worm: a worm in the code
In September 2025, the Shai-Hulud attack began as a phishing lure posing as an NPM multi-factor authentication (MFA) update, tricking developers into revealing their credentials. After installation, malicious scripts in trojanized packages like @ctrl/tinycolor scanned for sensitive data such as GitHub tokens and AWS keys and exfiltrated it to attacker-controlled repositories. With stolen NPM publishing rights, the worm hijacked victims' packages, injected payloads, and spread rapidly, compromising over 180 packages by month-end and disrupting CI/CD workflows globally.
In November, a resurgence known as the "second wave" targeted prominent projects like Zapier and PostHog, exploiting GitHub runners and Bun runtimes via preinstall scripts. Infected systems created rogue workflows, searched for secrets, and deleted home directories if they could not maintain persistence.
As of November 24th, new infections continue to surface every half-hour, showcasing the worm's autonomous, AI-assisted evolution. This wave uses similar "Shai-Hulud" naming but refined tradecraft, possibly by the same or copycat actors, searching for potentially infected repositories.
Why is the Shai-Hulud worm dangerous?
The worm poses a significant risk to the software industry and end users since it can autonomously steal sensitive developer credentials and propagate itself across hundreds of open-source software packages in the NPM ecosystem. Since NPM packages are integrated into millions of applications and systems globally, this means that even a single compromise can potentially affect millions of downstream users and organizations.
Compounding the situation, the worm has advanced capabilities, allowing it to:
- Harvest credentials: Scans .npmrc, env vars, and files for tokens and keys.
- Self-propagate: Automatically hijacks packages and publishes using stolen credentials.
- Move laterally: Uses stolen credentials to move onto other systems.
- Evade detection: Uses LLM-generated code with emojis and comments to dodge static analysis.
The fallout? Potential data breaches, ransomware footholds, and eroded trust in the NPM registry. CISA's alerts echo the urgency: rotate credentials, audit dependencies, and harden your supply chain now.
How to protect against supply chain attacks like Shai-Hulud
Open-source velocity is a strength, but it comes with risks: unverified maintainers, uncontrolled secrets, and unchecked installation scripts. Shai-Hulud takes advantage of these vulnerabilities, transforming trusted packages into trojan malware. Traditional vulnerability tools often react too late, scanning after deployment or failing to detect issues during runtime.
Mondoo integrates continuous scanning into your workflows, allowing you to identify threats like Shai-Hulud at their source. With Mondoo's Software Supply Chain Security, you gain comprehensive visibility across your infrastructure, from CI/CD pipelines and runtime containers like Kubernetes to cloud and on-premises virtual machines and developer workstations, all governed by a single policy. This unified approach ensures consistent protection regardless of where threats arise, eliminating silos and reducing the mean time to respond.
How to detect Shai-Hulud
So how do you know if you’ve been infected by the worm?
- Analyze package dependencies: The worm uses the bun JavaScript runtime to set itself up and execute its malicious payload. The setup lives in setup_bun.js and creates the foundation for the worm to execute. It then runs a highly obfuscated payload contained in a very large script, bun_environment.js (~10 MB). Finding both of these files in a repository, especially together with the giant obfuscated script, is a strong indication of the worm.
- SBOM generation and analysis: A good way to analyze your dependencies is to generate and scan Software Bills of Materials (SBOMs). Even when packages are removed from the NPM registry, you may still have existing versions in containers or local repositories. SBOMs make it quick to check all dependencies at once.
- Find malicious scripts: The worm uses custom pre-/postinstall hooks and bash scripts to exfiltrate data, create "Shai-Hulud" repositories, or invoke the bun_environment.js script described above.
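The file and install-hook checks above can be scripted. The scanner below is an added example, not Mondoo's code or a Mondoo policy: it walks a checkout or node_modules tree and flags the setup_bun.js loader, an oversized bun_environment.js payload, and preinstall/install/postinstall hooks in any package.json that invoke bun or those files. The 1 MB size threshold, the hook command shapes and the demo tree it builds are assumptions constructed for the example; the real payload is described above as roughly 10 MB.

```python
"""Hunt for Shai-Hulud file and install-hook indicators in a checkout or node_modules tree.

Added example, not Mondoo's code. It encodes the indicators named in the post: a setup_bun.js
loader, an oversized bun_environment.js payload, and pre-/postinstall hooks that invoke bun or
those files. The 1 MB threshold and the demo tree below are constructed for the example.
"""
import json
import os
import re
import tempfile

IOC_FILENAMES = {"setup_bun.js", "bun_environment.js"}  # loader and payload names from the post
LARGE_PAYLOAD_BYTES = 1 * 1024 * 1024                   # assumed threshold; the real payload is ~10 MB
HOOK_KEYS = ("preinstall", "install", "postinstall")    # npm lifecycle hooks that run at install time
BUN_BINARY = re.compile(r"\bbunx?\b")                   # matches "bun"/"bunx" as a word, not "bundle"


def scan_package_json(path):
    """Return findings for install-time hooks that invoke bun or the worm's scripts."""
    findings = []
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return findings  # unreadable or not JSON: nothing to report for this file
    scripts = data.get("scripts") if isinstance(data, dict) else None
    if not isinstance(scripts, dict):
        return findings
    for key in HOOK_KEYS:
        cmd = scripts.get(key)
        if not isinstance(cmd, str):
            continue
        if any(name in cmd for name in IOC_FILENAMES) or BUN_BINARY.search(cmd):
            findings.append({"path": path, "indicator": f"{key} hook: {cmd}", "severity": "high"})
    return findings


def scan_tree(root):
    """Walk `root` and collect indicator hits as a list of dicts (path, indicator, severity)."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name in IOC_FILENAMES:
                size = os.path.getsize(full)
                # The loader alone is suspicious; a multi-megabyte bun_environment.js is the strongest signal.
                high = name == "bun_environment.js" and size >= LARGE_PAYLOAD_BYTES
                findings.append({"path": full, "indicator": f"{name} ({size} bytes)",
                                 "severity": "high" if high else "medium"})
            elif name == "package.json":
                findings.extend(scan_package_json(full))
    return findings


def build_demo_tree(infected=True):
    """Create a constructed sample tree: one benign package and, optionally, one that mimics the worm."""
    root = tempfile.mkdtemp(prefix="shai_hulud_demo_")
    benign = os.path.join(root, "node_modules", "example-lib")
    os.makedirs(benign)
    with open(os.path.join(benign, "package.json"), "w", encoding="utf-8") as fh:
        # "bundle.js" contains the letters "bun" but must not trigger the bun check
        json.dump({"name": "example-lib", "scripts": {"postinstall": "node scripts/bundle.js"}}, fh)
    if infected:
        bad = os.path.join(root, "node_modules", "evil-package")  # constructed name
        os.makedirs(bad)
        with open(os.path.join(bad, "package.json"), "w", encoding="utf-8") as fh:
            json.dump({"name": "evil-package", "scripts": {"preinstall": "node setup_bun.js"}}, fh)
        with open(os.path.join(bad, "setup_bun.js"), "w", encoding="utf-8") as fh:
            fh.write("// constructed stand-in for the loader\n")
        with open(os.path.join(bad, "bun_environment.js"), "wb") as fh:
            fh.write(b"/* constructed oversized payload */" + b"A" * (LARGE_PAYLOAD_BYTES + 1))
    return root


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()
    for hit in scan_tree(target):
        print(f"[{hit['severity']}] {hit['path']}: {hit['indicator']}")
```

Run it with a path argument to scan a real tree; without one it scans the constructed demo tree and reports the preinstall hook, the loader and the oversized payload while staying silent on the benign package. Treat a "medium" hit on the loader alone as a reason to look closer, and the combination of loader, large payload and install hook as the strong indication described above.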
Quickly remediate Shai-Hulud infections
To contain and recover from the Shai-Hulud worm (as of November 24, 2025), prioritize these steps:
- Contain immediately: Rotate all credentials (GitHub PATs, NPM tokens, SSH keys, cloud APIs) and enable MFA. Quarantine affected systems and revoke rogue "SHA1HULUD" GitHub runners. Block IOCs like webhook.site outbound traffic.
- Remove compromised packages: Audit package.json and lockfiles for malicious packages (e.g., @ctrl/tinycolor@4.1.1, and @zapier/zapier-sdk 0.15.5 through 0.15.7). Remember that the lockfile format depends on which NPM package manager you use (npm, yarn, or pnpm). Check audit logs for unauthorized actions, such as unexpected script or workflow executions.
- Find malicious repositories: Scan GitHub repos via this search. Additionally, search for any unauthorized GitHub repositories under your organization or personal accounts, as the worm uses GitHub as a key distribution mechanism for propagation and credential exfiltration.
- Clean and restore: Delete node_modules and the NPM cache. Reinstall safe versions via the npm CLI. Many compromised versions have already been removed from the registry, which prevents them from being pulled again. Remove "Shai-Hulud" repos, rogue workflows, and artifacts. Test in an isolated CI/CD environment.
- Prevent recurrence: Pin dependencies (no floating ranges), disable install scripts with --ignore-scripts, and use scanning tools.
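The "remove compromised packages" and "prevent recurrence" steps can be checked mechanically against package.json and package-lock.json. The script below is an added example, not Mondoo's code: KNOWN_BAD holds only the versions listed above, the sample manifest and lockfile are constructed, and only npm's lockfileVersion 2/3 layout (a "packages" map keyed by "node_modules/<name>") is parsed; yarn.lock and pnpm-lock.yaml have their own formats and would need their own parsers.

```python
"""Audit package.json and package-lock.json for known-bad versions and floating ranges.

Added example, not Mondoo's code. KNOWN_BAD contains only the versions the post names;
the sample manifest and lockfile are constructed. Parses npm lockfileVersion 2/3 only.
"""
import re

# (package, lowest bad version, highest bad version), both ends inclusive; from the post.
KNOWN_BAD = [
    ("@ctrl/tinycolor", "4.1.1", "4.1.1"),
    ("@zapier/zapier-sdk", "0.15.5", "0.15.7"),
]

# An exact semver pin: optional "=", then major.minor.patch, optional prerelease/build.
PINNED = re.compile(r"^=?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")


def parse_version(version):
    """'1.2.3-beta+build' -> (1, 2, 3); raises ValueError on non-numeric input."""
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(part) for part in core.split("."))


def is_known_bad(name, version):
    """True when `version` of `name` falls inside one of the KNOWN_BAD ranges."""
    try:
        ver = parse_version(version)
    except ValueError:
        return False
    return any(name == pkg and parse_version(lo) <= ver <= parse_version(hi)
               for pkg, lo, hi in KNOWN_BAD)


def audit_lockfile(lock):
    """Return [(name, version)] for every resolved package in a known-bad range."""
    hits = []
    for key, meta in lock.get("packages", {}).items():
        if "node_modules/" not in key:
            continue  # "" is the root project; workspace entries are not registry packages
        name = key.rsplit("node_modules/", 1)[1]  # nested copies: a/node_modules/b -> b
        version = meta.get("version", "")
        if is_known_bad(name, version):
            hits.append((name, version))
    return hits


def floating_specs(manifest):
    """Return {name: spec} for dependencies whose spec is not an exact version pin."""
    out = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not PINNED.match(spec):
                out[name] = spec
    return out


# Constructed sample inputs: one dependency floats, another is pinned to a bad version.
SAMPLE_MANIFEST = {
    "name": "demo-app",
    "dependencies": {
        "@ctrl/tinycolor": "^4.1.0",     # floating: ^4.1.0 resolves to 4.1.1 without complaint
        "@zapier/zapier-sdk": "0.15.6",  # pinned, but to a version inside the bad range
        "express": "4.19.2",
    },
}
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/@ctrl/tinycolor": {"version": "4.1.1"},
        "node_modules/@zapier/zapier-sdk": {"version": "0.15.6"},
        "node_modules/express": {"version": "4.19.2"},
        # a nested copy on a safe version, to show that the path is reduced to the package name
        "node_modules/express/node_modules/@ctrl/tinycolor": {"version": "4.1.0"},
    },
}

if __name__ == "__main__":
    print("known-bad in lockfile:", audit_lockfile(SAMPLE_LOCK))
    print("floating ranges in manifest:", floating_specs(SAMPLE_MANIFEST))
```

The sample makes the two halves of the step visible: the caret range lets 4.1.1 in, and the pinned 0.15.6 shows that pinning alone is no protection when the pinned version is itself compromised, which is why the version audit and the pin check belong together. For the --ignore-scripts part of the same step, setting ignore-scripts=true in the project's .npmrc makes that flag the default for every install rather than something each developer has to remember.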
For automated help, deploy Mondoo's vulnerability management and/or create detection policies across CI/CD, K8s, VMs, and developer workstations.
Is Mondoo itself affected?
Mondoo is not affected by the worm, since the platform doesn’t use any of the impacted NPM packages.
We hope this overview of Shai-Hulud is helpful and provides clear guidance on the best immediate steps to take. For Mondoo customers, we will continuously update the product advisory with the latest information. For non-Mondoo customers, you can contact us to do a rapid assessment of Shai-Hulud in your environment.
Protect against supply chain attacks with Mondoo
The Shai-Hulud worm is a reminder that the supply chain is as vast and unforgiving as the dunes of Arrakis. But with Mondoo, you are not a lone Fremen, you’re armed with the tools to ride the worm, not fear it.
Mondoo fully analyzes environments to find offenders like Shai-Hulud in repositories, local deployments, images, and SBOMs, including cloud, on-prem, K8s, CI/CD and developer workstations. You can also add policies to prevent the worm from spreading, protecting your supply chain and runtime at the same time.
Ready to see Mondoo in action? Schedule a demo today.
In the words of Paul Atreides: "The spice must flow." Let's ensure your code does too, securely.
Stay vigilant, stay Mondoo'd.