SAP npm Packages Compromised in Suspected TeamPCP Supply-Chain Attack
Security researchers have uncovered a supply-chain attack targeting multiple official SAP npm packages, believed to be orchestrated by the TeamPCP threat group. The compromise affected four packages, @cap-js/sqlite (v2.2.2), @cap-js/postgres (v2.2.2), @cap-js/db-service (v2.10.1), and mbt (v1.2.48), which support SAP’s Cloud Application Programming Model (CAP) and Cloud MTA and are widely used in enterprise development.
The malicious packages contained a preinstall script that executed automatically upon installation, deploying a loader (setup.mjs) to fetch the Bun JavaScript runtime from GitHub. This runtime then ran an obfuscated execution.js payload, designed to steal sensitive credentials from developer systems and CI/CD environments, including:
- npm and GitHub authentication tokens
- SSH keys and developer credentials
- Cloud credentials (AWS, Azure, Google Cloud)
- Kubernetes configurations and secrets
- CI/CD pipeline secrets and environment variables
On CI runners, the malware used an embedded Python script to scan process memory (/proc/<pid>/maps and /proc/<pid>/mem) for secrets, bypassing log masking, a tactic identical to previous TeamPCP attacks, such as those targeting Bitwarden and Checkmarx.
Stolen data was encrypted and exfiltrated to public GitHub repositories under victims’ accounts, marked with the description "A Mini Shai-Hulud has Appeared", a reference mirroring the "Shai-Hulud: The Third Coming" string from earlier attacks. The malware also employed GitHub commit searches as a dead-drop mechanism, decoding commit messages containing base64-encoded tokens to escalate access.
Additionally, the payload included self-propagation capabilities, using stolen credentials to modify other accessible packages and repositories, further spreading the infection.
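Because the loader ran from an npm preinstall hook, a practical defender check is to audit the lockfile for the four compromised versions named above and for any dependency that declares an install-time script. The following is an added example, not code from the article or from SAP; it assumes an npm lockfile v2/v3 layout, where such packages carry "hasInstallScript": true, and it runs on a constructed sample lockfile.

```javascript
// Added example (not from the article or SAP): flag the compromised SAP npm
// versions from the report plus any dependency with an install-time hook.
const COMPROMISED = {
  '@cap-js/sqlite': ['2.2.2'],
  '@cap-js/postgres': ['2.2.2'],
  '@cap-js/db-service': ['2.10.1'],
  'mbt': ['1.2.48'],
};

// Derive the package name from a lockfile "packages" key such as
// "node_modules/@cap-js/sqlite" or "node_modules/a/node_modules/b".
function nameFromPath(path) {
  const marker = 'node_modules/';
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// Return one finding per problem: a known-compromised version, or an
// install script that npm would run automatically during `npm install`.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project entry, not a dependency
    const name = meta.name || nameFromPath(path);
    if ((COMPROMISED[name] || []).includes(meta.version)) {
      findings.push({ name, version: meta.version, reason: 'compromised version' });
    }
    if (meta.hasInstallScript === true) {
      findings.push({ name, version: meta.version, reason: 'install script' });
    }
  }
  return findings;
}

// Constructed sample lockfile (not a real project): two compromised versions
// with hooks, one safe version of an affected package, one unrelated package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-cap-app', version: '1.0.0' },
    'node_modules/@cap-js/sqlite': { version: '2.2.2', hasInstallScript: true },
    'node_modules/@cap-js/db-service': { version: '2.9.0' },
    'node_modules/mbt': { version: '1.2.48', hasInstallScript: true },
    'node_modules/left-pad': { version: '1.3.0' },
  },
};

auditLockfile(SAMPLE_LOCK).forEach(f => console.log(`${f.reason}: ${f.name}@${f.version}`));
```

For a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of the sample; installing with `npm ci --ignore-scripts` prevents any such hook from running while the audit is reviewed.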
Researchers have linked the attack to TeamPCP with medium confidence, citing similarities in code and tactics to prior incidents involving Trivy, Checkmarx, and Bitwarden. While the exact compromise vector remains unclear, evidence suggests an exposed NPM token from a misconfigured CircleCI job may have been exploited.
SAP has not yet responded to inquiries regarding the breach. The affected package versions have since been deprecated on npm.
{
  "id": "CHESAPSEC1777508710",
  "linkid": "checkmarx-zero, sap, securityweek",
  "type": "Cyber Attack",
  "date": "4/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}