Sha1-Hulud: The Second Wave of npm Supply-Chain Attacks
November 24, 2025
Background: The First Shai-Hulud Outbreak (September 2025)
In September 2025, researchers uncovered a fast-moving npm supply-chain worm named Shai-Hulud. The malware injected malicious JavaScript (bundle.js) into popular packages. Whenever a developer installed one of the trojanized packages, the script:
Scanned the system using TruffleHog to harvest GitHub tokens, npm tokens, and cloud credentials.
Exfiltrated the stolen secrets into a public GitHub repo created inside victims’ accounts.
Republished compromised packages using the stolen maintainer tokens, giving the malware self-propagating worm-like behavior.
More than 500 npm packages and dozens of GitHub accounts were impacted before the first campaign was stopped.
Sources:
https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
https://www.ox.security/blog/npm-2-0-hack-40-npm-packages-hit-in-major-supply-chain-attack
The November 2025 Resurgence: “Sha1-Hulud: The Second Coming”
On November 24, 2025, multiple vendors—including Wiz, Aikido, Koi Security, Socket, and HelixGuard—reported a new, more aggressive wave of the attack. This new campaign was dubbed:
“Sha1-Hulud: The Second Coming.”
Unlike the first campaign, which ran its payload from a postinstall hook after the package had been installed, the new malware executes during the preinstall phase using two files added to each compromised package:
setup_bun.js (a small loader that fetches and installs the Bun runtime)
bun_environment.js (a roughly 10 MB obfuscated payload that the loader runs under Bun)
Because preinstall runs before the package's own install step, the payload fires on any machine that merely resolves and installs the dependency, which expands the blast radius to CI pipelines, build servers, and automated tooling.
What the new variant does
Once executed, the payload:
Installs the Bun runtime via setup_bun.js and uses it to run the obfuscated bun_environment.js.
Scans the machine for secrets (npm tokens, GitHub tokens, and cloud credentials).
Registers a GitHub Actions self-hosted runner named SHA1HULUD.
Creates malicious GitHub workflows such as discussion.yaml or formatter_*.yml that exfiltrate secrets as GitHub Actions artifacts.
Uploads stolen data into new, randomly named public GitHub repositories created with the victim's token and labeled with the description:
“Sha1-Hulud: The Second Coming.”
Scope of impact
25,000+ infected GitHub repositories (Wiz)
800+ compromised npm packages (Koi Security)
350 impacted maintainers
New malicious versions found across Zapier, ENS, AsyncAPI, PostHog, Postman, and more.
Sources:
https://thehackernews.com/2025/11/second-sha1-hulud-wave-affects-25000.html
https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains
https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24
https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised
https://socket.dev/blog/shai-hulud-strikes-again-v2
Key Differences From the First Wave
1. New Bun-based loader
Instead of running under Node, the payload is executed by a Bun runtime that setup_bun.js downloads, which helps cloak the activity from tooling that only watches the installing Node process.
2. Runs earlier in the lifecycle
It executes during the preinstall phase, hitting CI/CD environments harder.
3. Randomized exfil repos
Instead of a predictable “Shai-Hulud” repo, second-wave repos have random names but the description:
“Sha1-Hulud: The Second Coming.”
4. Higher infection rate
The malware can republish up to 100 packages per compromised maintainer (up from 20).
5. A destructive fallback mechanism
If the malware cannot steal credentials, it becomes a wiper.
A New and Dangerous Twist: A Built-In Wiper
A disturbing escalation was also revealed: if the malware cannot authenticate to GitHub or npm and therefore cannot establish an exfiltration channel, it falls back to a destructive routine that:
Deletes every writable file in the user's home directory
The wiper triggers only when all of the following are true:
Cannot authenticate to GitHub
Cannot create a GitHub repository
Cannot fetch a GitHub token
Cannot find an npm token
This represents a shift from data theft to punitive sabotage.
Which Packages Were Impacted?
An incomplete list (compiled from Wiz, Socket, Aikido, and Koi) includes compromised packages under these npm scopes:
@zapier/
@asyncapi/
@posthog/
@postman/
@ensdomains/
as well as packages from Browserbase, Quick-Start-Soft, Strapbuild, Actbase, and others.
Many of the affected packages have millions of weekly downloads.
Mitigation Recommendations
1. Remove and replace compromised packages
Identify affected versions in your lockfiles and installed node_modules, remove them, and reinstall from a known-clean version.
If possible, pin dependencies to versions published before the compromise window of November 21–23, 2025.
2. Rotate all credentials
Revoke and regenerate:
npm tokens
GitHub PATs
SSH keys
AWS / GCP / Azure cloud credentials
3. Audit GitHub and CI/CD environments
Look for:
Suspicious workflows (e.g., discussion.yaml, formatter_*.yml)
Newly created repos in your account whose description contains the phrase "Sha1-Hulud"
Unexpected self-hosted runners named SHA1HULUD
4. Harden pipelines
Disable lifecycle scripts (preinstall, postinstall) in CI when possible, e.g. npm ci --ignore-scripts or ignore-scripts=true in .npmrc; this also skips legitimate build hooks such as native-module compilation, so confirm the build still succeeds.
Enforce MFA for npm and GitHub.
Restrict outbound network access in builds.
5. Prepare for the destructive fallback
Ensure:
Backups are recent
Home directory data is not the only copy
Recovery procedures are tested
Conclusion
The Sha1-Hulud: Second Coming incident shows how fast and aggressively modern supply-chain attacks can evolve. By weaponizing lifecycle scripts, cloud-credential harvesting, GitHub workflow abuse, and even a destructive wiper, the attackers demonstrated a new level of sophistication.
Organizations must assume that any machine installing compromised npm packages may be fully compromised, rotate credentials, and harden their pipelines immediately.