
npm Supply Chain "Shai-Hulud" Worm Continues to Threaten Ecosystem

GitLab's Vulnerability Research team has identified an ongoing large-scale supply chain attack affecting tens of thousands of repositories, with evolved "Shai-Hulud" malware featuring worm-like propagation and a destructive "dead man's switch."


TechDrop Editorial


GitLab's Vulnerability Research team has identified an active, large-scale supply chain attack spreading a destructive malware variant through the npm ecosystem. Multiple infected packages carry an evolved version of the "Shai-Hulud" malware with worm-like propagation: once it runs on a maintainer's machine, it uses that maintainer's credentials to publish infected versions of the other packages they maintain. The attack surfaced around November 21-24, 2025, has continued into 2026, and has produced over 25,000 malicious repositories across approximately 350 unique user accounts.

Massive Scale and Compromised Credentials

Around 600-800 npm packages have been compromised, many of them widely used in production environments. Attackers compromised maintainer accounts at prominent projects including Zapier, PostHog, and Postman. The malware has harvested a large volume of credentials: 581 GitHub personal access tokens, 386 OAuth tokens, 104 fine-grained PATs, and 101 GitLab tokens. Stolen npm tokens let the attackers publish further malicious package versions, which is what keeps the worm spreading.

Dead Man's Switch Mechanism

A particularly concerning aspect of Shai-Hulud 2.0 is its "dead man's switch": if the malware's propagation and exfiltration channels are cut off, it destroys the infected user's data. This is an escalation from earlier supply chain malware, which focused on theft, and brings ransomware-like destructive capability into the npm ecosystem. A new strain discovered on December 28, 2025, shows the attackers are still evolving their techniques.

Ongoing Threat

CISA, Microsoft, Palo Alto Networks' Unit 42, Wiz, and GitGuardian have all published guidance on detecting and defending against the attack. Organizations using npm should audit their dependency lockfiles against the published indicators, rotate every credential that could have been exposed (npm, GitHub, GitLab and cloud tokens alike), and deploy supply chain security tooling that catches malicious package updates before they reach production. Because the dead man's switch fires when the malware loses its channels, treat still-infected hosts as hostile: isolate or image them first, and rotate credentials from a clean machine. Installing with `npm install --ignore-scripts` also denies the worm the install-time hook it relies on, at the cost of breaking packages that legitimately need build scripts.
