npm · 2025
Shai-Hulud 2.0
Second wave of the Shai-Hulud npm worm. 796 packages backdoored via stolen maintainer credentials, self-propagates through the same postinstall pattern as wave 1.
What happened
The Shai-Hulud worm returned in November 2025 with a materially larger blast radius than its September debut. The wave 2 outbreak backdoored 796 npm packages across the registry, republishing malicious versions of legitimate libraries under attacker-controlled maintainer sessions.
For context, the original wave in September 2025 hit roughly 200 packages and around 500 versions before npm and OpenSSF coordinated takedowns. Wave 2 resurfaced the same mechanic with new tooling and, crucially, better handling of the two-factor gate that slowed the September outbreak.
How it propagated
Shai-Hulud is a proper worm, not a one-shot supply-chain compromise. Each
backdoored package ships a postinstall script that harvests credentials
from the host that installs it. npm tokens in ~/.npmrc, GitHub PATs from
gh CLI config, cloud CLI profiles, SSH keys. Those tokens are then used to
authenticate to npm and republish tainted versions of any package the
compromised maintainer owns. Every install becomes a potential re-publisher.
The result is a compounding curve rather than a fixed victim count.
What Drig sees
The lang_pkg collector inventories package.json, package-lock.json,
yarn.lock, and pnpm-lock.yaml across every enrolled endpoint and streams
package + version + hash. The signed catalog lists every affected version
range; retro-match runs the campaign template across current fleet state
without a rescan on the endpoint. Exposed hosts appear in the console with
the tainted version pinned and the install-source path.
Rotation checklist
- Revoke every npm token issued to affected machines (
npm token revoke). - Cycle GitHub personal access tokens and OAuth app tokens on the same hosts.
- Rotate SSH keys and cloud CLI credentials that were resident during the exposure window.
- Force IdP re-authentication for the developer identities involved.
- Rebuild lockfiles from a clean base after upstream versions are restored.
Sekeye ships Shai-Hulud 2.0 as a signed campaign template. When wave 3 arrives, and worm ecosystems suggest it will, retro-match catches current fleet state against the new IOC set without a Drig release.