Sandworms in the Supply Chain: The “Shai‑Hulud” npm Credential Theft
Overview
Attackers slipped malicious code into new releases of a popular open-source color library @ctrl/tinycolor versions 4.1.1 and 4.1.2. The same campaign also trojanized 40+ packages across multiple maintainers.
How it spread
Installing a compromised package ran code that stole developer/build credentials. With those credentials, attackers could publish malicious updates to other packages owned by the same maintainer, widening the attack surface.
Who is affected
Developers and organizations that installed the tainted versions during the brief time window before takedown. Regular end-users are indirectly at risk if the apps they use were built during that period of time with the compromised packages.
Impact
Potential exposure of keys and tokens used to publish software or access cloud services and the chance of more malicious updates being pushed using those stolen credentials.
What you should do
As a minimum containment measures you should:
- Remove/downgrade affected versions and rebuild from a clean cache/artifact source.
- Rotate/revoke and replace credentials used on any affected machine or CI runner (npm tokens, GitHub PATs/Actions secrets, cloud keys).
- Audit logs for signs of suspicious installs, unauthorized publishes or automated workflow files.
- Check GitHub for a new repo named “Shai-Hulud”. This campaign creates a public repo under victims’ accounts to dump stolen data. If found, remove it, review its contents/history to better understand the scope of the leak.
However, overall the affected machines should be considered fully compromised. Therefore, full reinstall\reimaging is preferred.
Technical Analysis
The OX Security team found 34 compromised GitHub accounts which contain the “Shai-Hulud” repository, inside it a “data.json” containing an encoded JSON with all of the compromised information the attacker uploaded to the victim’s GitHub account.
The attack
After decoding the information using a double decode base64 function, we can see all of the compromised data of the user’s account, including github token, AWS and GCP secrets.
| Package | Versions |
| @ahmedhfarag/ngx-perfect-scrollbar | 20.0.20 |
| @ahmedhfarag/ngx-virtual-scroller | 4.0.4 |
| @art-ws/common | 2.0.28 |
| @art-ws/config-eslint | 2.0.4, 2.0.5 |
| @art-ws/config-ts | 2.0.7, 2.0.8 |
| @art-ws/db-context | 2.0.24 |
| @art-ws/di | 2.0.28, 2.0.32 |
| @art-ws/di-node | 2.0.13 |
| @art-ws/eslint | 1.0.5, 1.0.6 |
| @art-ws/fastify-http-server | 2.0.24, 2.0.27 |
| @art-ws/http-server | 2.0.21, 2.0.25 |
| @art-ws/openapi | 0.1.9, 0.1.12 |
| @art-ws/package-base | 1.0.5, 1.0.6 |
| @art-ws/prettier | 1.0.5, 1.0.6 |
| @art-ws/slf | 2.0.15, 2.0.22 |
| @art-ws/ssl-info | 1.0.9, 1.0.10 |
| @art-ws/web-app | 1.0.3, 1.0.4 |
| @crowdstrike/commitlint | 8.1.1, 8.1.2 |
| @crowdstrike/falcon-shoelace | 0.4.1, 0.4.2 |
| @crowdstrike/foundry-js | 0.19.1, 0.19.2 |
| @crowdstrike/glide-core | 0.34.2, 0.34.3 |
| @crowdstrike/logscale-dashboard | 1.205.1, 1.205.2 |
| @crowdstrike/logscale-file-editor | 1.205.1, 1.205.2 |
| @crowdstrike/logscale-parser-edit | 1.205.1, 1.205.2 |
| @crowdstrike/logscale-search | 1.205.1, 1.205.2 |
| @crowdstrike/tailwind-toucan-base | 5.0.1, 5.0.2 |
| @ctrl/deluge | 7.2.1, 7.2.2 |
| @ctrl/golang-template | 1.4.2, 1.4.3 |
| @ctrl/magnet-link | 4.0.3, 4.0.4 |
| @ctrl/ngx-codemirror | 7.0.1, 7.0.2 |
| @ctrl/ngx-csv | 6.0.1, 6.0.2 |
| @ctrl/ngx-emoji-mart | 9.2.1, 9.2.2 |
| @ctrl/ngx-rightclick | 4.0.1, 4.0.2 |
| @ctrl/qbittorrent | 9.7.1, 9.7.2 |
| @ctrl/react-adsense | 2.0.1, 2.0.2 |
| @ctrl/shared-torrent | 6.3.1, 6.3.2 |
| @ctrl/tinycolor | 4.1.1, 4.1.2 |
| @ctrl/torrent-file | 4.1.1, 4.1.2 |
| @ctrl/transmission | 7.3.1 |
| @ctrl/ts-base32 | 4.0.1, 4.0.2 |
| @hestjs/core | 0.2.1 |
| @hestjs/cqrs | 0.1.6 |
| @hestjs/demo | 0.1.2 |
| @hestjs/eslint-config | 0.1.2 |
| @hestjs/logger | 0.1.6 |
| @hestjs/scalar | 0.1.7 |
| @hestjs/validation | 0.1.6 |
| @nativescript-community/arraybuffers | 1.1.6, 1.1.7, 1.1.8 |
| @nativescript-community/gesturehandler | 2.0.35 |
| @nativescript-community/perms | 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9 |
| @nativescript-community/sqlite | 3.5.2, 3.5.3, 3.5.4, 3.5.5 |
| @nativescript-community/text | 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13 |
| @nativescript-community/typeorm | 0.2.30, 0.2.31, 0.2.32, 0.2.33 |
| @nativescript-community/ui-collectionview | 6.0.6 |
| @nativescript-community/ui-document-picker | 1.1.27, 1.1.28 |
| @nativescript-community/ui-drawer | 0.1.30 |
| @nativescript-community/ui-image | 4.5.6 |
| @nativescript-community/ui-label | 1.3.35, 1.3.36, 1.3.37 |
| @nativescript-community/ui-material-bottom-navigation | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| @nativescript-community/ui-material-bottomsheet | 7.2.72 |
| @nativescript-community/ui-material-core | 7.2.72, 7.2.73, 7.2.74, 7.2.75, 7.2.76 |
| @nativescript-community/ui-material-core-tabs | 7.2.72, 7.2.73, 7.2.74, 7.2.75, 7.2.76 |
| @nativescript-community/ui-material-ripple | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| @nativescript-community/ui-material-tabs | 7.2.72, 7.2.73, 7.2.74, 7.2.75 |
| @nativescript-community/ui-pager | 14.1.36, 14.1.37, 14.1.38, 14.1.35 |
| @nativescript-community/ui-pulltorefresh | 2.5.4, 2.5.5, 2.5.6, 2.5.7 |
| @nexe/config-manager | 0.1.1 |
| @nexe/eslint-config | 0.1.1 |
| @nexe/logger | 0.1.3 |
| @nstudio/angular | 20.0.4, 20.0.5, 20.0.6 |
| @nstudio/focus | 20.0.4, 20.0.5, 20.0.6 |
| @nstudio/nativescript-checkbox | 2.0.6, 2.0.7, 2.0.8, 2.0.9 |
| @nstudio/nativescript-loading-indicator | 5.0.1, 5.0.2, 5.0.3, 5.0.4 |
| @nstudio/ui-collectionview | 5.1.11, 5.1.12, 5.1.13, 5.1.14 |
| @nstudio/web | 20.0.4 |
| @nstudio/web-angular | 20.0.4 |
| @nstudio/xplat | 20.0.5, 20.0.6, 20.0.7, 20.0.4 |
| @nstudio/xplat-utils | 20.0.5, 20.0.6, 20.0.7, 20.0.4 |
| @operato/board | 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @operato/data-grist | 9.0.29, 9.0.35, 9.0.36, 9.0.37 |
| @operato/graphql | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @operato/headroom | 9.0.2, 9.0.35, 9.0.36, 9.0.37 |
| @operato/help | 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @operato/i18n | 9.0.35, 9.0.36, 9.0.37 |
| @operato/input | 9.0.27, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @operato/layout | 9.0.35, 9.0.36, 9.0.37 |
| @operato/popup | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @operato/pull-to-refresh | 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42 |
| @operato/shell | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39 |
| @operato/styles | 9.0.2, 9.0.35, 9.0.36, 9.0.37 |
| @operato/utils | 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46 |
| @teselagen/bounce-loader | 0.3.16, 0.3.17 |
| @teselagen/liquibase-tools | 0.4.1 |
| @teselagen/range-utils | 0.3.14, 0.3.15 |
| @teselagen/react-list | 0.8.19, 0.8.20 |
| @teselagen/react-table | 6.10.19, 6.10.21 |
| @thangved/callback-window | 1.1.4 |
| @things-factory/attachment-base | 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50 |
| @things-factory/auth-base | 9.0.43, 9.0.44, 9.0.45 |
| @things-factory/email-base | 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50, 9.0.51, 9.0.52, 9.0.53, 9.0.54 |
| @things-factory/env | 9.0.42, 9.0.43, 9.0.44, 9.0.45 |
| @things-factory/integration-base | 9.0.43, 9.0.44, 9.0.45 |
| @things-factory/integration-marketplace | 9.0.43, 9.0.44, 9.0.45 |
| @things-factory/shell | 9.0.43, 9.0.44, 9.0.45 |
| @tnf-dev/api | 1.0.8 |
| @tnf-dev/core | 1.0.8 |
| @tnf-dev/js | 1.0.8 |
| @tnf-dev/mui | 1.0.8 |
| @tnf-dev/react | 1.0.8 |
| @ui-ux-gang/devextreme-angular-rpk | 24.1.7 |
| @yoobic/design-system | 6.5.17 |
| @yoobic/jpeg-camera-es6 | 1.0.13 |
| @yoobic/yobi | 8.7.53 |
| airchief | 0.3.1 |
| airpilot | 0.8.8 |
| angulartics2 | 14.1.1, 14.1.2 |
| browser-webdriver-downloader | 3.0.8 |
| capacitor-notificationhandler | 0.0.2, 0.0.3 |
| capacitor-plugin-healthapp | 0.0.2, 0.0.3 |
| capacitor-plugin-ihealth | 1.1.8, 1.1.9 |
| capacitor-plugin-vonage | 1.0.2, 1.0.3 |
| capacitorandroidpermissions | 0.0.4, 0.0.5 |
| config-cordova | 0.8.5 |
| cordova-plugin-voxeet2 | 1.0.24 |
| cordova-voxeet | 1.0.32 |
| create-hest-app | 0.1.9 |
| db-evo | 1.1.4, 1.1.5 |
| devextreme-angular-rpk | 21.2.8 |
| ember-browser-services | 5.0.2, 5.0.3 |
| ember-headless-form | 1.1.2, 1.1.3 |
| ember-headless-form-yup | 1.0.1 |
| ember-headless-table | 2.1.5, 2.1.6 |
| ember-url-hash-polyfill | 1.0.12, 1.0.13 |
| ember-velcro | 2.2.1, 2.2.2 |
| encounter-playground | 0.0.2, 0.0.3, 0.0.4, 0.0.5 |
| eslint-config-crowdstrike | 11.0.2, 11.0.3 |
| eslint-config-crowdstrike-node | 4.0.3, 4.0.4 |
| eslint-config-teselagen | 6.1.7 |
| globalize-rpk | 1.7.4 |
| graphql-sequelize-teselagen | 5.3.8 |
| html-to-base64-image | 1.0.2 |
| json-rules-engine-simplified | 0.2.1, 0.2.4, 0.2.3, 0.2.2 |
| jumpgate | 0.0.2 |
| koa2-swagger-ui | 5.11.1, 5.11.2 |
| mcfly-semantic-release | 1.3.1 |
| mcp-knowledge-base | 0.0.2 |
| mcp-knowledge-graph | 1.2.1 |
| mobioffice-cli | 1.0.3 |
| monorepo-next | 13.0.1, 13.0.2 |
| mstate-angular | 0.4.4 |
| mstate-cli | 0.4.7 |
| mstate-dev-react | 1.1.1 |
| mstate-react | 1.6.5 |
| ng2-file-upload | 7.0.2, 7.0.3, 8.0.1, 8.0.2, 8.0.3, 9.0.1 |
| ngx-bootstrap | 18.1.4, 19.0.3, 19.0.4, 20.0.3, 20.0.4, 20.0.5, 20.0.6 |
| ngx-color | 10.0.1, 10.0.2 |
| ngx-toastr | 19.0.1, 19.0.2 |
| ngx-trend | 8.0.1 |
| ngx-ws | 1.1.5, 1.1.6 |
| oradm-to-gql | 35.0.14, 35.0.15 |
| oradm-to-sqlz | 1.1.2, 1.1.3, 1.1.4 |
| ove-auto-annotate | 0.0.9 |
| pm2-gelf-json | 1.0.4, 1.0.5 |
| printjs-rpk | 1.6.1 |
| react-complaint-image | 0.0.32, 0.0.33, 0.0.34, 0.0.35 |
| react-jsonschema-form-conditionals | 0.3.18, 0.3.19, 0.3.20, 0.3.21 |
| remark-preset-lint-crowdstrike | 4.0.1, 4.0.2 |
| rxnt-authentication | 0.0.3, 0.0.4, 0.0.5, 0.0.6 |
| rxnt-healthchecks-nestjs | 1.0.2, 1.0.3, 1.0.4, 1.0.5 |
| rxnt-kue | 1.0.4, 1.0.5, 1.0.6, 1.0.7 |
| swc-plugin-component-annotate | 1.9.1, 1.9.2 |
| tbssnch | 1.0.2 |
| teselagen-interval-tree | 1.1.2 |
| tg-client-query-builder | 2.14.4, 2.14.5 |
| tg-redbird | 1.3.1 |
| tg-seq-gen | 1.0.9, 1.0.10 |
| thangved-react-grid | 1.0.3 |
| ts-gaussian | 3.0.5, 3.0.6 |
| ts-imports | 1.0.1, 1.0.2 |
| tvi-cli | 0.1.5 |
| ve-bamreader | 0.2.6 |
| ve-editor | 1.0.1 |
| verror-extra | 6.0.1 |
| voip-callkit | 1.0.2, 1.0.3 |
| wdio-web-reporter | 0.1.3 |
| yargs-help-output | 5.0.3 |
| yoo-styles | 6.0.326 |
OX Security in Action
OX Security helps you see what’s in your software (SBOMs), spot malicious and vulnerable packages (SCA), and stop risky changes (CI/CD policy enforcement), so identity hardening and pipeline policy become everyday defaults, not emergency responses.
Conclusion
This month showed that software supply-chain risk is no longer about CVEs in the code, but about compromised identities and trusted automation. The recent wallet-drainer case proved how quickly a single phished maintainer can poison billions of weekly downloads.The @ctrl/tinycolor campaign showed malware using your own CI tokens to self-propagate across maintainers. The lesson is stark: every dependency is executable code with production privileges the moment it hits your pipeline.
Teams should start enforcing hardware-based 2FA, short-lived tokens, off-by-default install scripts in CI, cool-down period before adoption and organization-wide review of new package versions. Pairing these practices with SBOM-driven inventory with automated blocklists provides even better protection.
Resilience now comes from identity hardening and pipeline policies, not hope that upstream stays clean.
