After a lengthy period of silence, npm’s registry administrators have launched emergency actions following a large-scale supply chain attack. By revoking detailed access keys with write permissions, the team aims to stop hackers from bypassing two-factor authentication. This move is intended to stem the fifth wave of the malicious software outbreak known as “Mini Shai-Hulud,” which has rapidly impacted Web3 developers.
Urgent call to action from npm
Amid an escalating security crisis, npm has issued an urgent alert to its users. Developers are being advised to immediately replace all existing secret keys and to migrate to the more secure Trusted Publishing method. These steps are designed to ensure compromised projects can be rapidly secured and cleansed of malware.
Security experts voice concern
However, cybersecurity professionals have criticized npm’s response as insufficient. Many researchers believe the measures only address surface-level symptoms, ignoring deeper vulnerabilities. Taylor Monahan, a security researcher at MetaMask, described npm’s delayed reaction as an admission of a fundamental infrastructure crisis. Another expert, Moshe Siman Tov Bustan, stressed that merely restricting access cannot halt malware proliferation and called for thorough technical analysis.
According to security researchers, revoking access keys may block new malware versions but fails to protect developers whose IDEs are already infected with “Mini Shai-Hulud.” Once embedded in a developer’s system, the spyware continues to steal sensitive data quietly, even if npm disables access on its end.
Mini glossary: npm is a central repository for open source packages widely used in JavaScript projects. Developers easily integrate these packages into their work. A supply-chain attack targets systems by compromising third-party code or services, often causing widespread impact.
The “Mini Shai-Hulud” malware and its impact
The latest wave stands out due to the malware’s ability to adapt to developers’ daily workflows. After infiltrating a system, it does more than harvest data: it hides within artificial intelligence assistants and IDE tool configurations. As a result, every time the developer runs an AI tool, the malware is reactivated without detection.
Even if a developer removes infected files or cleanses the system, relaunching an AI assistant can trigger a new infection. All valuable information—including AWS cloud credentials and crypto wallet private keys—is exfiltrated in encrypted form through GitHub’s official API. For security tools, this malicious activity is disguised as ordinary code uploads by legitimate developers.
Scale and reach of the attack
The recent attack wave peaked when the legitimate npm account “atool” was compromised. In just 27 minutes, automated software deployed a total of 637 infected versions across 323 distinct packages. The weekly download count for these packages has topped approximately 16 million.
| Package Name | Number of Infected Versions | Approximate Weekly Downloads |
|---|---|---|
| atool | 637 | 16,000,000 |
This incident has exposed major weaknesses in dependency-based ecosystems and reinforced the critical role of supply chain security. Experts are urging users to adopt more modern and secure access methods to protect their projects moving forward.
The sheer scale at which attackers gained access demonstrates the vulnerabilities within widely trusted packages and the urgent need for robust defense mechanisms across the software supply chain.
The npm team’s decision to revoke access keys is only a temporary measure, and more comprehensive investigations are necessary to prevent future incidents at this scale.
While access restrictions may slow the spread of new malware versions, developers must remain vigilant and adopt advanced security practices to protect their environments.
This attack highlights the evolving tactics of cybercriminals targeting the software ecosystem’s weakest links, putting millions of users and valuable assets at risk.
