The NPM ecosystem faced a **sophisticated supply chain attack** targeting the widely used **@ctrl/tinycolor** package (2M+ weekly downloads) and **40+ other packages** across multiple maintainers. The attack featured a **self-propagating malware** that automatically infected downstream dependencies, harvesting **NPM tokens, GitHub PATs, AWS/Azure/GCP credentials**, and cloud metadata via a repurposed **TruffleHog** tool. Exfiltrated data was sent to a **remote webhook (webhook.site)**, while a **malicious GitHub Actions workflow** ensured persistence for reinfection or further data theft.The compromise spread to critical packages like **angular2, @ctrl/namespace libraries, @nativescript-community tools, ngx-color, and koa2-swagger-ui**, risking **cascading breaches** across dependent projects. Indicators included a **malicious `bundle.js` (SHA-256: `46faab8ab153...`)** and unauthorized `NpmModule.updatePackage` calls. While NPM removed the tainted packages, organizations were urged to **downgrade, rotate all credentials**, and audit infrastructures for backdoors.The attack exposed **severe vulnerabilities in open-source supply chains**, demonstrating how automated propagation can **rapidly compromise entire ecosystems**, threatening **developer trust, operational integrity, and downstream security** for millions of users.
Source: https://cyberpress.org/npm-supply-chain-breach/
TPRM report: https://www.rankiteo.com/company/npm-inc-
"id": "npm3450834100325",
"linkid": "npm-inc-",
"type": "Cyber Attack",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '2M+ weekly downloads (for '
'@ctrl/tinycolor alone)',
'industry': 'software development',
'location': 'global',
'name': 'NPM (Node Package Manager) ecosystem',
'type': 'package registry'},
{'industry': 'various (technology-dependent)',
'location': 'global',
'name': 'Organizations using @ctrl/tinycolor',
'type': ['enterprises',
'developers',
'open-source projects']},
{'industry': 'software development',
'location': 'global',
'name': 'Maintainers of compromised packages',
'type': 'open-source developers'}],
'attack_vector': ['compromised NPM packages',
'self-propagating malware',
'malicious GitHub Actions workflow',
'credential harvesting via TruffleHog'],
'customer_advisories': ['Check dependency trees for compromised packages',
'Monitor for unauthorized access or deployments',
'Report any suspicious activity to package '
'maintainers'],
'data_breach': {'data_exfiltration': ['credentials sent to '
'webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7'],
'file_types_exposed': ['bundle.js (malicious)',
'GitHub Actions workflow files (.yml)'],
'sensitivity_of_data': 'high (full access to code '
'repositories, cloud environments, and '
'deployment pipelines)',
'type_of_data_compromised': ['credentials',
'authentication tokens',
'cloud service keys',
'metadata']},
'description': 'The NPM ecosystem experienced a sophisticated supply chain '
'attack compromising the widely used @ctrl/tinycolor package '
'(2M+ weekly downloads) and over 40 other packages. The attack '
'featured a self-propagating mechanism that automatically '
'infected downstream packages, creating cascading compromises. '
'Malicious versions (4.1.1, 4.1.2) of @ctrl/tinycolor were '
'published before detection by community member @franky47. The '
'attack targeted credentials (NPM tokens, GitHub PATs, '
'AWS/Azure/GCP keys) via a repurposed TruffleHog tool, '
'exfiltrating them to a remote webhook. Persistence was '
'maintained via a malicious GitHub Actions workflow. Affected '
'packages included angular2, @ctrl/namespace libraries, '
'@nativescript-community packages, and popular libraries like '
'ngx-color and koa2-swagger-ui.',
'impact': {'brand_reputation_impact': ['erosion of trust in NPM ecosystem',
'concerns over open-source supply '
'chain security',
'potential hesitation in adopting '
'JavaScript packages'],
'data_compromised': ['NPM authentication tokens',
'GitHub personal access tokens',
'AWS access keys',
'Google Cloud Platform service credentials',
'Azure credentials',
'cloud metadata endpoint data'],
'identity_theft_risk': ['high (due to stolen credentials)',
'potential for account takeovers'],
'operational_impact': ['compromised build processes',
'unauthorized code execution',
'potential for further lateral movement',
'need for widespread credential rotation'],
'systems_affected': ['NPM ecosystem',
'GitHub repositories with infected workflows',
'CI/CD pipelines',
'cloud environments (AWS, GCP, Azure)']},
'initial_access_broker': {'backdoors_established': ['malicious GitHub Actions '
'workflow '
'(shai-hulud-workflow.yml)',
'persistent credential '
'harvesting via '
'bundle.js'],
'entry_point': ['compromised NPM maintainer '
'accounts',
'malicious package updates (4.1.1, '
'4.1.2 of @ctrl/tinycolor)'],
'high_value_targets': ['NPM authentication tokens',
'GitHub PATs',
'cloud service credentials '
'(AWS, GCP, Azure)']},
'investigation_status': 'ongoing (malicious packages removed; full scope of '
'compromise under assessment)',
'lessons_learned': ['Supply chain attacks can self-propagate across '
'ecosystems with minimal manual intervention.',
'Open-source package maintainers are high-value targets '
'for credential harvesting.',
'Automated propagation mechanisms (e.g., '
'NpmModule.updatePackage) can rapidly compromise entire '
'dependency trees.',
'GitHub Actions workflows can be weaponized for '
'persistence and reinfection.',
'Current NPM security controls (e.g., lack of cooldown '
'periods) are insufficient against sophisticated attacks.',
'Credential rotation and infrastructure audits are '
'critical post-compromise steps.'],
'motivation': ['credential theft',
'supply chain compromise',
'persistent access',
'data exfiltration'],
'post_incident_analysis': {'corrective_actions': ['Enhance NPM’s package '
'publishing safeguards '
'(e.g., mandatory cooldown '
'periods).',
'Develop automated tools to '
'detect and block '
'propagation-based attacks.',
'Implement stricter '
'maintainer authentication '
'and package signing '
'requirements.',
'Expand monitoring for '
'credential exfiltration '
'and unauthorized workflow '
'modifications.',
'Promote adoption of SBOMs '
'(Software Bill of '
'Materials) for '
'transparency.'],
'root_causes': ['Insufficient validation of '
'package updates in NPM ecosystem.',
'Lack of automated detection for '
'self-propagating malware in '
'dependencies.',
'Over-reliance on maintainer trust '
'without behavioral monitoring.',
'Vulnerability of CI/CD pipelines '
'(e.g., GitHub Actions) to '
'persistence mechanisms.',
'Delayed detection due to absence '
'of runtime security controls.']},
'recommendations': ['Implement package cooldown periods to delay propagation '
'of malicious updates.',
'Adopt runtime monitoring for detecting anomalous package '
'behavior.',
'Enforce multi-factor authentication (MFA) for NPM and '
'GitHub accounts.',
'Use automated tools to scan for secrets and malicious '
'code in dependencies.',
'Audit CI/CD pipelines for unauthorized workflows or '
'modifications.',
'Isolate build environments to limit lateral movement.',
'Educate developers on supply chain risks and secure '
'coding practices.',
'Monitor for indicators of compromise (IoCs) like '
'suspicious NpmModule.updatePackage calls or unknown '
'webhook exfiltration.'],
'references': [{'source': 'GitHub issue reported by @franky47'},
{'source': 'Socket.dev technical analysis'},
{'source': 'Step Security artifact monitoring'}],
'response': {'communication_strategy': ['public disclosure via GitHub issues',
'technical analysis by Socket.dev',
'advisories for affected '
'organizations'],
'containment_measures': ['removal of malicious packages from NPM',
'blacklisting of malicious versions '
'(4.1.1, 4.1.2 of @ctrl/tinycolor)',
'identification of indicators of '
'compromise (IoCs)'],
'enhanced_monitoring': ['recommendation for runtime monitoring '
'solutions',
'package cooldown periods'],
'incident_response_plan_activated': True,
'remediation_measures': ['downgrade to safe package versions',
'rotation of all NPM tokens',
'rotation of GitHub credentials',
'rotation of cloud service keys (AWS, '
'GCP, Azure)',
'audit of infrastructure for '
'unauthorized modifications',
'removal of malicious GitHub Actions '
'workflow '
'(.github/workflows/shai-hulud-workflow.yml)'],
'third_party_assistance': ['Socket.dev (technical analysis)',
'Step Security (artifact monitoring)',
'community reporting (e.g., '
'@franky47)']},
'stakeholder_advisories': ['Immediately remove or downgrade affected packages',
'Rotate all compromised credentials',
'Audit infrastructure for signs of further '
'compromise'],
'title': 'Sophisticated Supply Chain Attack on NPM Ecosystem via '
'@ctrl/tinycolor and Related Packages',
'type': ['supply chain attack',
'credential harvesting',
'malware propagation',
'data exfiltration'],
'vulnerability_exploited': ['NPM package dependency trust model',
'automated package update mechanisms',
'lack of package cooldown periods',
'insecure credential storage in CI/CD '
'environments']}