npm, Inc.: Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories.

Although just about 10,000 of the exposed secrets were verified as valid by the open-source TruffleHog scanning tool, researchers at cloud security platform Wiz say that more than 60% of the leaked NPM tokens were still valid as of December 1st.

The Shai-Hulud threat emerged in mid-September, compromising 187 NPM packages with a self-propagating payload that identified account tokens using TruffleHog, injected a malicious script into the packages, and automatically published them on the platform.

In the second attack, the malware impacted over 800 packages (counting all infected versions of a package) and included a destructive mechanism that wiped the victim’s home directory if certain conditions were met.

[Figure: pace of new GitHub accounts publishing secrets to new repositories. Source: Wiz]

Wiz researchers analyzing the secrets that the Shai-Hulud 2.0 attack spread across 30,000 GitHub repositories found that the following types of secrets were exposed:

- about 70% of the repositories had a contents.json file with GitHub usernames and tokens, and file snapshots
- half of them had the truffleSecrets.json file containing TruffleHog scan results
- 80% of the repositories had the environment.json file with OS info, CI/CD metadata, npm package metadata, and GitHub

Source: https://www.bleepingcomputer.com/news/security/shai-hulud-20-npm-malware-attack-exposed-up-to-400-000-dev-secrets/

npm, Inc. cybersecurity rating report: https://www.rankiteo.com/company/npm-inc-

{
  "id": "NPM1764705355",
  "linkid": "npm-inc-",
  "type": "Cyber Attack",
  "date": "12/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'incident': {'affected_entities': [{'customers_affected': 'Hundreds of '
                                                           'packages infected',
                                     'industry': 'Software Development',
                                     'location': None,
                                     'name': 'NPM (Node Package Manager)',
                                     'size': None,
                                     'type': 'Package Registry'},
                                    {'customers_affected': '30,000 '
                                                           'repositories '
                                                           'compromised',
                                     'industry': 'Software Development',
                                     'location': None,
                                     'name': 'GitHub',
                                     'size': None,
                                     'type': 'Code Repository'}],
              'attack_vector': 'Malicious NPM packages',
              'data_breach': {'data_encryption': None,
                              'data_exfiltration': 'Yes (published in GitHub '
                                                   'repositories)',
                              'file_types_exposed': ['contents.json',
                                                     'truffleSecrets.json',
                                                     'environment.json'],
                              'number_of_records_exposed': '400,000 raw '
                                                           'secrets',
                              'personally_identifiable_information': 'GitHub '
                                                                     'usernames '
                                                                     'and '
                                                                     'tokens',
                              'sensitivity_of_data': 'High (60% of leaked NPM '
                                                     'tokens still valid as of '
                                                     'December 1st)',
                              'type_of_data_compromised': ['GitHub usernames '
                                                           'and tokens',
                                                           'TruffleHog scan '
                                                           'results',
                                                           'OS info',
                                                           'CI/CD metadata',
                                                           'npm package '
                                                           'metadata']},
              'description': 'The second Shai-Hulud attack exposed around '
                             '400,000 raw secrets after infecting hundreds of '
                             'packages in the NPM (Node Package Manager) '
                             'registry and publishing stolen data in 30,000 '
                             'GitHub repositories. The attack compromised over '
                             '800 NPM packages and included a destructive '
                             'mechanism that wiped the victim’s home directory '
                             'if certain conditions were met.',
              'impact': {'brand_reputation_impact': None,
                         'conversion_rate_impact': None,
                         'customer_complaints': None,
                         'data_compromised': '400,000 raw secrets exposed',
                         'downtime': None,
                         'financial_loss': None,
                         'identity_theft_risk': 'High (exposure of GitHub '
                                                'tokens and PII)',
                         'legal_liabilities': None,
                         'operational_impact': 'Potential data exfiltration '
                                               'and system wipes',
                         'payment_information_risk': None,
                         'revenue_loss': None,
                         'systems_affected': 'NPM registry, GitHub '
                                             'repositories'},
              'initial_access_broker': {'backdoors_established': None,
                                        'data_sold_on_dark_web': None,
                                        'entry_point': 'NPM packages',
                                        'high_value_targets': None,
                                        'reconnaissance_period': None},
              'investigation_status': 'Ongoing',
              'post_incident_analysis': {'corrective_actions': None,
                                         'root_causes': 'Self-propagating '
                                                        'malicious payload in '
                                                        'NPM packages'},
              'ransomware': {'data_encryption': None,
                             'data_exfiltration': None,
                             'ransom_demanded': None,
                             'ransom_paid': None,
                             'ransomware_strain': None},
              'references': [{'date_accessed': None,
                              'source': 'Wiz',
                              'url': None}],
              'regulatory_compliance': {'fines_imposed': None,
                                        'legal_actions': None,
                                        'regulations_violated': None,
                                        'regulatory_notifications': None},
              'response': {'adaptive_behavioral_waf': None,
                           'communication_strategy': None,
                           'containment_measures': None,
                           'enhanced_monitoring': None,
                           'incident_response_plan_activated': None,
                           'law_enforcement_notified': None,
                           'network_segmentation': None,
                           'on_demand_scrubbing_services': None,
                           'recovery_measures': None,
                           'remediation_measures': None,
                           'third_party_assistance': 'Wiz (cloud security '
                                                     'platform)'},
              'threat_actor': 'Shai-Hulud',
              'title': 'Shai-Hulud 2.0 NPM and GitHub Secrets Exposure',
              'type': 'Supply Chain Attack',
              'vulnerability_exploited': 'Self-propagating payload in NPM '
                                         'packages'}}