Shai-Hulud npm worm stole developer secrets
The September 2025 Shai-Hulud npm worm campaign compromised official npm packages and used install-time JavaScript to steal developer and cloud credentials, publish secrets into attacker-controlled GitHub repositories, and attempt self-propagation through stolen npm tokens.
Story
Shai-Hulud was a registry worm. In mid-September 2025, malicious npm releases began carrying install-time JavaScript that searched developer and CI environments for GitHub, npm, cloud, and service credentials.
The first reports made the pattern clear: the attacker was not merely poisoning one package. The payload used TruffleHog and direct environment collection, then wrote stolen data into public GitHub repositories named Shai-Hulud. It also pushed GitHub Actions workflows into accessible repositories so future CI runs could expose repository secrets from inside trusted pipelines.
Propagation came from npm tokens. When the worm found a token with publish rights, it published new malicious versions of every package that token could write. That turned one compromised maintainer environment into many compromised package coordinates.
The campaign crossed organizational boundaries quickly. Scoped packages from companies and open-source maintainers appeared alongside smaller libraries, all carrying the same install-time risk: run the package manager in a privileged environment, and the worm got a chance to steal what that environment could see.
The campaign was severe because it joined theft and distribution. It did not only steal secrets from machines that installed bad packages; it used the same secrets to produce more bad packages through official npm release channels. The package-level records keep those coordinates searchable, while this page preserves the shared worm behavior.
Linked Attacks
2025
An attacker targeted a shared repository (angulartics2) where the maintainer had admin rights. They pushed a malicious branch (Shai-Hulud) containing a GitHub Actions workflow that immediately ran, exfiltrating a static npm token with broad publish rights.
The Shai-Hulud self-propagating worm compromised several official @crowdstrike/ scoped npm packages as part of a broader 526-package wave. This record tracks the CrowdStrike package scope specifically.
Campaign Context
- Actor: Third Party
- Attribution: Group
- Cause: Unknown
Affected Packages
- @crowdstrike/commitlint 8.1.1, 8.1.2
- @crowdstrike/falcon-shoelace 0.4.1, 0.4.2
- @crowdstrike/foundry-js 0.19.1, 0.19.2
- @crowdstrike/glide-core 0.34.2, 0.34.3
- @crowdstrike/logscale-dashboard 1.205.1, 1.205.2
- @crowdstrike/logscale-file-editor 1.205.1, 1.205.2
- @crowdstrike/logscale-parser-edit 1.205.1, 1.205.2
- @crowdstrike/logscale-search 1.205.1, 1.205.2
- @crowdstrike/tailwind-toucan-base 5.0.1, 5.0.2
- ctrl-tinycolor 4.1.1, 4.1.2
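The install-time risk described in the Story section and the coordinates in the Affected Packages list can be checked against a project's lockfile. The script below is an added example, not tooling from the campaign record or from any of the affected projects: it reads an npm lockfile (lockfileVersion 2 or 3), flags any dependency whose name and version match the list on this page, and separately lists every dependency that npm has marked with `hasInstallScript` (the field npm writes for packages whose package.json declares preinstall, install, or postinstall scripts, which is the execution path the worm relied on). The sample lockfile embedded at the bottom is constructed for demonstration and does not describe a real project.

```javascript
// Added example (not part of the campaign record): audit an npm lockfile
// for the package@version coordinates listed on this page and for any
// dependency that declares an install-time lifecycle script.
// Names and versions below are copied from the page's Affected Packages list.
const AFFECTED = {
  "@crowdstrike/commitlint": ["8.1.1", "8.1.2"],
  "@crowdstrike/falcon-shoelace": ["0.4.1", "0.4.2"],
  "@crowdstrike/foundry-js": ["0.19.1", "0.19.2"],
  "@crowdstrike/glide-core": ["0.34.2", "0.34.3"],
  "@crowdstrike/logscale-dashboard": ["1.205.1", "1.205.2"],
  "@crowdstrike/logscale-file-editor": ["1.205.1", "1.205.2"],
  "@crowdstrike/logscale-parser-edit": ["1.205.1", "1.205.2"],
  "@crowdstrike/logscale-search": ["1.205.1", "1.205.2"],
  "@crowdstrike/tailwind-toucan-base": ["5.0.1", "5.0.2"],
  "ctrl-tinycolor": ["4.1.1", "4.1.2"],
};

// Derive the package name from a lockfile "packages" key. Nested installs
// look like "node_modules/a/node_modules/@scope/b"; the name is whatever
// follows the last "node_modules/" segment. Returns null for the root entry.
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

// Walk every installed package recorded in the lockfile (lockfileVersion 2/3
// "packages" map) and return two lists: exact matches against AFFECTED, and
// packages that npm recorded as carrying an install-time script.
function auditLockfile(lock) {
  const findings = { affected: [], installScripts: [] };
  const packages = lock.packages || {};
  for (const [key, entry] of Object.entries(packages)) {
    const name = packageNameFromKey(key);
    if (!name) continue; // "" is the root project itself
    const versions = AFFECTED[name];
    if (versions && versions.includes(entry.version)) {
      findings.affected.push(`${name}@${entry.version}`);
    }
    // npm sets hasInstallScript when the dependency's package.json declares
    // preinstall/install/postinstall; these run during `npm install`.
    if (entry.hasInstallScript === true) {
      findings.installScripts.push(`${name}@${entry.version} (${key})`);
    }
  }
  return findings;
}

// Read a package-lock.json from disk and audit it (used when a path is given).
function auditLockfilePath(path) {
  const fs = require("fs");
  return auditLockfile(JSON.parse(fs.readFileSync(path, "utf8")));
}

// Constructed sample lockfile for demonstration only (not a real project).
// glide-core 0.34.1 is deliberately outside the affected range and should
// not be flagged; foundry-js 0.19.1 is on the list and also has a script.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/@crowdstrike/foundry-js": { version: "0.19.1", hasInstallScript: true },
    "node_modules/@crowdstrike/glide-core": { version: "0.34.1" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/some-native": { version: "2.0.0", hasInstallScript: true },
  },
};

// Usage: node audit-lock.js [path/to/package-lock.json]
// Without an argument the constructed sample is audited.
const report = process.argv[2] ? auditLockfilePath(process.argv[2]) : auditLockfile(SAMPLE_LOCK);
console.log(JSON.stringify(report, null, 2));
```

An exact match in `affected` means the lockfile pins a version named on this page and the environment that installed it should be treated as exposed. The `installScripts` list is broader: it is not a list of malicious packages, but it shows which dependencies get code execution at install time. Running `npm ci --ignore-scripts` (or setting `ignore-scripts=true` in `.npmrc`) removes that execution path in CI, and this check shows which packages that setting actually affects.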
External References
Source record: oss/campaigns/shai-hulud-npm-2025/meta.yaml