Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The recent Shai-Hulud attacks exposed around 400,000 secrets through infected NPM packages and compromised GitHub repositories, posing significant supply chain risks. Researchers warn that although many secrets may no longer be valid, over 60% of leaked NPM tokens are still active, increasing the threat of future attacks.

Key points

  • The Shai-Hulud malware compromised over 800 NPM packages, injecting malicious scripts and deleting data under certain conditions.
  • More than 30,000 GitHub repositories were affected, with sensitive secrets such as tokens, credentials, and environment details exposed.
  • Over 60% of leaked NPM tokens remain valid, representing an active risk for supply chain and credential theft attacks.
  • Linux systems and containers were the most targeted environments, with GitHub Actions being the most affected CI/CD platform.
  • Two packages, @postman/tunnel-agent and @asyncapi/specs, accounted for over 60% of the infections, highlighting critical points for early mitigation.

Read More: https://www.bleepingcomputer.com/news/security/shai-hulud-20-npm-malware-attack-exposed-up-to-400-000-dev-secrets/