Mondoo
Supply Chain Attack Advisory

Shai-Hulud: The npm Supply Chain Worm

The first self-replicating worm in the npm ecosystem

Named after the giant sandworms from Dune, Shai-Hulud spreads through the npm ecosystem beneath the surface, stealing credentials and infecting packages autonomously.

Attack Impact (November 2025)

796 packages compromised: unique npm packages infected
25K repos affected: repositories with exfiltrated secrets
27% of all cloud environments impacted
$50M+ in crypto stolen in the first wave alone

What is Shai-Hulud?

Shai-Hulud is one of the most significant supply chain attacks in recent years, exploiting the npm ecosystem's trust model. The worm spreads autonomously by stealing credentials and using them to infect more packages—no human intervention required.

Self-Replicating Worm

The first successful self-replicating worm in npm. It steals credentials and uses them to infect more packages, leading to exponential growth without needing a command and control server.

Pre-Install Execution

Version 2 uses preinstall scripts instead of postinstall scripts, so its code runs before the installation completes; even an install that later fails has already executed the payload.
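Because npm runs install-time lifecycle hooks automatically, the defensive check is to know which dependencies declare them at all. The following is an added example, not Mondoo's code or the worm's: it walks a set of `node_modules` manifests (constructed samples here, with placeholder package names and commands) and reports every package that declares a preinstall, install, postinstall, or prepare hook, treating an unparseable manifest as a finding rather than a silent pass.

```javascript
// Added example, not Mondoo's code. Flags dependencies that declare install-time
// lifecycle scripts, which `npm install` runs automatically. A preinstall hook fires
// before the package is fully installed, so a later install failure does not undo it.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Constructed sample manifests (path -> package.json text); names and commands are placeholders.
const SAMPLE_MANIFESTS = {
  "node_modules/good-lib/package.json":
    '{"name":"good-lib","version":"1.2.0","scripts":{"test":"node test.js"}}',
  "node_modules/example-hooked/package.json":
    '{"name":"example-hooked","version":"2.0.1","scripts":{"preinstall":"node ./setup.js"}}',
  "node_modules/other-hooked/package.json":
    '{"name":"other-hooked","version":"0.9.0","scripts":{"postinstall":"node ./build.js","build":"tsc"}}',
  "node_modules/broken/package.json": "{ not json",
};

// Returns one finding per manifest that declares at least one install-time hook,
// plus a finding for any manifest that cannot be parsed (it cannot be vetted either).
function findInstallHooks(manifests) {
  const findings = [];
  for (const [path, text] of Object.entries(manifests)) {
    let pkg;
    try {
      pkg = JSON.parse(text);
    } catch (e) {
      findings.push({ path, name: null, version: null, hooks: [], error: "unparseable package.json" });
      continue;
    }
    const scripts = pkg.scripts || {};
    const hooks = INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string")
      .map((h) => ({ hook: h, command: scripts[h] }));
    if (hooks.length > 0) findings.push({ path, name: pkg.name, version: pkg.version, hooks, error: null });
  }
  return findings.sort((a, b) => a.path.localeCompare(b.path));
}

// Packages with a preinstall hook are the highest-risk class: their code runs first.
function preinstallPackages(manifests) {
  return findInstallHooks(manifests)
    .filter((f) => f.hooks.some((h) => h.hook === "preinstall"))
    .map((f) => f.name);
}

// Human-readable report, one line per finding.
function formatReport(manifests) {
  return findInstallHooks(manifests).map((f) => f.error
    ? `${f.path}: ${f.error}`
    : `${f.name}@${f.version}: ${f.hooks.map((h) => `${h.hook} -> ${h.command}`).join("; ")}`);
}

console.log(formatReport(SAMPLE_MANIFESTS).join("\n"));
```

On a real tree, read each `node_modules/**/package.json` into the map; to stop such hooks from running at all, set `ignore-scripts=true` in `.npmrc` or install with `npm ci --ignore-scripts` and run any genuinely needed build steps explicitly.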

Enterprise-Grade Credential Theft

Steals npm tokens, GitHub configs, SSH keys, AWS/Azure/GCP credentials, and actively hunts for secrets using Trufflehog across the entire filesystem and Git history.

Destructive Fallback

If the worm cannot find credentials to spread with, it deletes the user's home directory instead. This reflects an intent to sabotage, not just to steal.

What Gets Stolen

Local Credentials

  • npm tokens (.npmrc)
  • GitHub CLI configs
  • SSH keys
  • Environment variables

Cloud Credentials

  • AWS instance metadata
  • Azure managed identity keys
  • GCP secret manager
  • IMDS tokens

Active Hunting

  • Trufflehog secret scanning
  • Full filesystem search
  • Git history analysis
  • Config file extraction
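A workstation check for the local credential classes listed above, added here as an example and not Mondoo's code: it parses `.npmrc`-style text and an environment map (both constructed samples with placeholder values) and reports registry tokens stored in clear text, whether install scripts are disabled, and environment variables whose names suggest they carry secrets.

```javascript
// Added example, not Mondoo's code. Audits the two places the worm reads first on a
// developer machine: the npm config file and the process environment.
const SAMPLE_NPMRC = [
  "registry=https://registry.npmjs.org/",
  "//registry.npmjs.org/:_authToken=EXAMPLE-PLAINTEXT-TOKEN",   // constructed: token sits on disk
  "//npm.internal.example/:_authToken=${INTERNAL_NPM_TOKEN}",   // env reference, resolved by npm at run time
  "# ignore-scripts is not set in this file",
].join("\n");

// Constructed environment; values are placeholders.
const SAMPLE_ENV = {
  HOME: "/home/dev",
  PATH: "/usr/bin",
  GITHUB_TOKEN: "EXAMPLE-GH-TOKEN",
  AWS_SECRET_ACCESS_KEY: "EXAMPLE-AWS-SECRET",
  EMPTY_TOKEN: "",
};

// Parse key=value lines; comments (# or ;) and blank lines are skipped.
function parseNpmrc(text) {
  return text.split(/\r?\n/)
    .map((l) => l.trim())
    .filter((l) => l && !l.startsWith("#") && !l.startsWith(";") && l.includes("="))
    .map((l) => {
      const i = l.indexOf("=");
      return { key: l.slice(0, i).trim(), value: l.slice(i + 1).trim() };
    });
}

// Registry credentials stored in clear text versus ${VAR} references, plus the
// ignore-scripts setting that would stop install hooks from running.
function auditNpmrc(text) {
  const result = { plaintextTokens: [], envTokens: [], ignoreScripts: false };
  for (const { key, value } of parseNpmrc(text)) {
    if (key === "ignore-scripts" && value === "true") result.ignoreScripts = true;
    const m = key.match(/^(.*):(_authToken|_auth|_password)$/);
    if (!m) continue;
    const isEnvRef = /^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/.test(value);
    (isEnvRef ? result.envTokens : result.plaintextTokens).push(m[1]);
  }
  return result;
}

// Environment variables with secret-looking names and non-empty values: anything
// here is readable by any install script that runs under this user.
function findSecretEnvVars(env) {
  return Object.entries(env)
    .filter(([k, v]) => v && /(TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL|PRIVATE_KEY)/i.test(k))
    .map(([k]) => k)
    .sort();
}
```

A hardened `.npmrc` keeps only `${VAR}` references for tokens and sets `ignore-scripts=true`; secrets needed for a build should be injected into that step alone rather than exported into the login shell.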

Attack Timeline

How Shai-Hulud evolved from a phishing campaign into an autonomous worm

September 2025

First Wave

Phishing campaign claiming npm MFA changes. Over 180 packages compromised via post-install scripts. ~$50M in crypto stolen from developer wallets.

November 21-23, 2025

Second Wave Begins

Trojanized packages uploaded. The attackers called it "Shai-Hulud: The Second Coming", a vastly improved version of the worm.

November 24, 2025

Mass Explosion

796 unique packages infected and 25,000 repositories compromised. PostHog identified as "patient zero" via a pull-request abuse attack vector.

December 9, 2025

npm Response

Classic tokens revoked. Session-based auth introduced. However, already-compromised packages and CI/CD secrets remained vulnerable.

Notable Victims

Major organizations affected by the November 2025 wave

PostHog (patient zero): PR abuse led to theft of a GitHub PAT and then of an npm publishing token.

Postman (60% of infections): an infected tunnel agent package spread to thousands.

Zapier (major victim): integration platform with widespread npm usage.

ENS Domains (Web3 target): crypto ecosystem with high-value wallets.

Elastic (enterprise target): widely used observability platform.

Full Stack Protection

How Mondoo Protects Against Supply Chain Attacks

Mondoo provides end-to-end visibility across your entire software supply chain. Most tools only cover one or two areas—Mondoo covers them all with one policy, one detection, and one unified view.

CI/CD Pipeline: Block Infected Builds

Scan GitHub Actions, GitLab CI, and Jenkins pipelines. Catch infected dependencies before deployment and block builds on critical findings.

Container Registry: Scan Container Images

Scan Docker Hub, ECR, GCR, ACR, and other registries after push. Detect compromised packages in your container images.

Runtime: Monitor Running Workloads

Continuously scan Kubernetes, ECS, Cloud Run, VMs, and bare metal. Detect compromised packages in production.

Cloud Infrastructure: Secure Cloud Configs

Scan AWS, Azure, GCP infrastructure. Check IAM, networking, storage, and workload security configurations.

Developer Workstations: Protect Dev Machines

Scan macOS, Linux, and Windows workstations where credentials live. Detect exposed npm tokens, SSH keys, and cloud credentials.

Source Repositories: Scan for Leaked Secrets

Scan GitHub and GitLab repositories for credentials that may have been committed. Find secrets before attackers do.

Stop Infected Builds Before Deployment

With Mondoo, an infected build would have been caught in the pipeline and blocked before it ever reached production. Don't wait for the next supply chain attack.

Blog

The Era of the Supply Chain Worm Has Just Begun

Shai-Hulud isn't just another malicious package—it's a proof-of-concept for a devastating new paradigm of automated, cross-ecosystem warfare targeting developer identity. Learn why this is just the beginning.


Is Your Supply Chain Protected?

Get visibility into your npm dependencies, CI/CD pipelines, container images, and cloud infrastructure. Detect compromised packages before they reach production.