Self-Replicating ‘Shai-hulud’ Worm Targets NPM Packages

Summary

Shai-hulud is a newly observed self-replicating worm that has infected hundreds of NPM packages. First detected by ReversingLabs on 15 September 2025, the worm installs an info-stealer that harvests tokens, credentials and secrets from developer environments, then uses stolen NPM access to publish poisoned versions of other packages and continue the chain of infection.

Key Points

  • Shai-hulud is a self-replicating info-stealing worm detected in mid-September 2025.
  • It activates when a poisoned dependency is installed, running a postinstall payload that harvests secrets (NPM, GitHub, AWS and GCP tokens).
  • The worm uses stolen developer accounts to publish new compromised versions of packages, creating a propagation loop.
  • It installs TruffleHog in compromised environments to hunt for additional secrets and attempts to make private repositories public.
  • ReversingLabs identified roughly 700 likely affected repositories; the probable initial infected package is “rxnt-authentication.”
  • Wiz links the campaign to the recent Nx/S1ngularity supply-chain compromises that began with GitHub token theft.
  • Mitigations include checking NPM account activity for “Shai-Hulud Migration” entries, rotating leaked secrets and rapid takedowns to interrupt propagation.

Content Summary

The worm starts inside a compromised package. When that package is installed as part of a build, its postinstall script runs a malicious bundle that steals secrets and credentials from the developer’s environment. With those credentials the worm logs into the developer’s NPM account, finds other packages that developer maintains, injects itself into them and publishes new poisoned versions.

Shai-hulud targets tokens for NPM, GitHub, AWS and GCP and also deploys TruffleHog to discover further secrets. It will attempt to make private repositories public to harvest hardcoded secrets and source code that could reveal vulnerabilities. ReversingLabs and Wiz note connections to recent supply-chain compromises and token theft campaigns.

At the time of reporting, vendors estimate hundreds of packages are affected; ReversingLabs found roughly 700 likely impacted repositories. The campaign’s intent is unclear beyond large-scale secret harvesting, and that alone makes it dangerous, because the stolen credentials can be used in follow-on attacks.

Context and Relevance

This incident highlights the persistent risk of software supply-chain attacks in the NPM ecosystem. Because many organisations and projects depend on a small number of open-source components, a worm that can propagate automatically via developer accounts raises the chance of widespread compromise. Security teams, maintainers and developers all need to treat compromised developer credentials as high-risk: rotate secrets, audit account activity and harden developer workstations and CI pipelines.

Author style

Punchy: If you build on NPM, this is not theoretical—it’s urgent. The details matter because small tokens and careless automation are how this worm spreads.

Why should I read this?

Short answer: because if you or your team use NPM packages, this worm could already be in your dependency graph. We’ve read the technical bits so you don’t have to — but do check your developer account activity, rotate any exposed credentials and tighten CI/secret handling now.

Source

Source: https://www.darkreading.com/application-security/self-replicating-shai-hulud-worm-npm-packages
