Malicious Software Abuses npm Preinstall to Steal Sensitive Data, Compromising 25,000 GitHub Repositories

An npm supply-chain attack known as Shai-Hulud 2.0 has infiltrated widely used libraries in the developer and cryptocurrency sectors, including

(ENS) utilities and Zapier connections. Discovered by Wiz Research, this operation exploits the `preinstall` script during package setup, allowing attackers to steal sensitive data and insert malicious workflows into GitHub repositories . The attack has already impacted more than 25,000 repositories, with new incidents surfacing at a pace of 1,000 every half hour, highlighting the speed at which it is spreading.

This threat uses altered versions of authentic npm packages that, once installed, carry out credential theft and data extraction. Unlike earlier Shai-Hulud campaigns, this version introduces additional payloads like `setup_bun.js` and `bun_environment.js`, broadening its impact to platforms such as PostHog, Postman, and AsyncAPI. The malware enlists compromised systems as self-hosted GitHub runners and establishes workflows that let attackers run arbitrary commands through GitHub discussions. It also steals secrets from GitHub repositories by

as artifacts, then erases evidence of its actions.

Several prominent packages have been verified as compromised, including `@zapier/zapier-sdk` (versions 0.15.5–0.15.7), `@ensdomains/ens-validation` (0.1.1), and `@posthog/agent` (1.24.1). The campaign has also affected packages from smaller publishers like `@trigo/`, `@orbitgtbelgium/`, and `@louisle2/`. Wiz Research observed that while the techniques are similar to previous Shai-Hulud incidents, differences in payload design and spread suggest the possibility of new threat actors.

, but the persistent nature of the attack points to a highly organized operation.

Security professionals are strongly encouraged to act without delay. Suggested steps include uninstalling and replacing affected packages, purging npm caches, and rotating credentials like GitHub personal access tokens (PATs) and cloud provider keys. Developers should also review GitHub environments for repositories named "Shai-Hulud" or workflows with unusual commit histories.

by restricting the use of lifecycle scripts and limiting outbound connections to trusted domains is essential to reduce risk.

The breadth of this attack exposes significant weaknesses in software supply chains. Wiz Research pointed out that the attackers exploit npm’s extensive reach, with malicious packages being downloaded in various environments before removal. While GitHub is actively removing repositories tied to the campaign, new ones continue to appear, making containment more difficult.

As the situation develops, cybersecurity experts are watching to see if this marks a turning point in supply-chain attacks on open-source software. Developers are urged to keep dependencies up to date and use automated solutions to identify malicious behavior as it happens.