New npm Supply Chain Attack Identified: Second Wave of Shai Hulud

THE THREAT

On November 24th, 2025, a second wave of the Shai Hulud npm supply chain attack was uncovered. This wave involved the compromise of 492 npm packages collectively downloaded more than 132 million times per month. Well-known projects including Zapier, ENS, AsyncAPI, PostHog, Browserbase, and Postman were among those impacted, as threat actors embedded the Shai Hulud worm into the affected packages. Once executed on a victim system, the malware harvested sensitive information such as passwords, API keys, cloud access tokens, and GitHub or npm credentials using TruffleHog.

This activity follows the first wave identified on September 16th, 2025, in which 187 packages were compromised, including several associated with CrowdStrike. Given the inclusion of widely used and trusted projects in the second wave, organizations that depend on these npm packages face heightened risk of data exposure and subsequent compromise, underscoring the need for rapid remediation.

What we're doing about it

• Threat Hunts for known Indicators of Compromise are being conducted across eSentire MDR for Endpoint and Log
• The eSentire Threat Intelligence team is tracking this topic for additional information and detection opportunities

What you should do about it

• Organizations are advised to implement a comprehensive remediation plan including immediate package audits, credential rotation, and enhanced security controls
  • Immediately removing and replacing all affected packages, specifically check the project's lockfile (package-lock.json)
  • rm -rf node_modules && npm cache clean --force
• Rotating all potentially compromised credentials
  • GitHub tokens, npm tokens, SSH keys, API keys, and environment variable secrets
• If possible disable npm postinstall scripts in CI
• Check GitHub for existence of repositories with the description "Sha1-Hulud: The Second Coming"
• Conducting full security audits of CI/CD pipelines and development environments
  • Remove any malicious packages and rebuild the project with clean dependencies both locally and on the CI/CD production server
• Implementing strict version pinning and package lockfiles
• Implementing automated security controls such as package signing, mandatory code review processes, and continuous dependency scanning
• Run tools like npm audit, Snyk, or other Software Composition Analysis (SCA) tools and
• Issue an invalidation command for all affected JavaScript assets on their Content Delivery Network (CDN) to force servers to discard the cached malicious files
• Follow OWASP npm Security Best Practices in the software development life cycle
• Integrate GitHub logs into SIEM (MDR for Log) for enhanced monitoring

Additional information

Shai Hulud is a self-replicating npm worm, capable of disseminating itself throughout the developer environment. It achieves persistence using GitHub Actions and scans for sensitive information such as API keys and tokens employing the TruffleHog secret scanning tool. These collected secrets are subsequently exfiltrated to a public GitHub repository. In a recently identified second wave, Shai Hulud transferred the obtained credentials to a public repository named " Sha1-Hulud: The Second Coming."

The second wave of the Shai Hulud npm supply chain attack was first detected on November 24th, 2025, at 3:16:26 AM GMT+0. The earliest confirmed compromises involved 35 packages from the AsyncAPI project, with additional affected packages continuing to surface. This wave introduced two new payload files setup_bun[.]js and bun_environment[.]js, the latter containing the core data exfiltration capabilities. When a compromised package is installed, Shai Hulud executes during the installation process, granting attackers access to the victim's machine, build pipelines, or cloud infrastructure. Using TruffleHog, the malware scans for credentials, API keys, and tokens across cloud platforms including Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP), and attempts to escalate privileges within Docker environments.

eSentire's Threat Intelligence team previously issued an advisory on the campaign's first wave on September 16th, 2025, warning that further npm compromises were likely. With high-usage packages affected in the second wave, impacted organizations face significant exposure. Immediate remediation is required, including removing compromised packages, auditing CI/CD pipelines, and rotating any potentially exposed credentials. For long-term resilience, organizations should adopt the OWASP Software Component Verification Standard (SCVS) and maintain comprehensive Software Bill of Materials SBOM tracking to strengthen supply chain visibility and control.

References:
[1] https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains
[2] https://github.com/trufflesecurity/trufflehog
[3] https://www.esentire.com/security-advisories/new-npm-supply-chain-attack-identified
[4] https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html
[5] https://www.wiz.io/blog/s1ngularity-supply-chain-attack
[6] https://www.esentire.com/security-advisories/new-npm-supply-chain-attack-identified
[7] https://owasp.org/www-project-software-component-verification-standard/
[8] https://www.cisa.gov/sbom
[9] https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack