637 Malicious npm Packages in 22 Minutes

Attack Overview

On May 19, an attacker compromised a maintainer account for AntV, a widely used data visualization library, and published 637 malicious versions across 317 npm packages in just 22 minutes. The malicious code deployed the Mini-Shai-Hulud worm, which steals npm and GitHub tokens along with credentials from 130 file paths. SafeDep detected the attack early and published a list of compromised packages.

This incident is part of a sustained campaign targeting high-value npm maintainer accounts.

Attack Timeline

May 19 (early detection): Attack identified by SafeDep.

22-minute attack window: Attacker published 637 malicious package versions.

Post-detection: SafeDep released a list of 317 compromised packages; npm began package removal and account investigation.

The compressed timeline reveals the attacker's strategy: gain access, automate deployment, and maximize distribution before detection.

Failed or Missing Controls

Credential Security: The attacker accessed a legitimate maintainer account, indicating failures such as:

  • Lack of multi-factor authentication (MFA)
  • Weak or reused passwords
  • Insecure token storage (e.g., browser storage, plaintext config files)
  • No session monitoring for anomalous login patterns

Package Integrity Verification: Organizations lacked automated mechanisms to:

  • Verify package signatures before installation
  • Detect sudden version spikes
  • Flag new dependencies or maintainer changes
  • Block packages failing reputation checks

Dependency Monitoring: Most teams lack real-time alerts for:

  • Rapid version releases
  • Changes in a package's maintainer list
  • Network behavior inconsistent with the package's function

Blast Radius Containment: The worm's ability to steal from 130 file paths indicates:

  • Excessive filesystem permissions in build environments
  • No segregation between build processes and credential storage
  • Development machines with direct access to production tokens

Compliance Requirements

PCI DSS v4.0.1 Requirement 6.3.2 mandates secure development of custom software, including verifying third-party code integrity. If you're using npm packages in a PCI environment, document verification steps before deployment.

NIST 800-53 Rev 5 SA-12 (Supply Chain Protection) requires processes like vulnerability scanning and integrity verification. Your npm install process needs gates, not just a package-lock.json file.

ISO/IEC 27001:2022 Annex A.8.30 addresses secure coding practices, including the security of development tools and dependencies. Your ISMS should document verification of third-party code, review frequency, and triggers for emergency reviews.

NIST Cybersecurity Framework v2.0 GV.SC-04 states: "Suppliers are known and prioritized by criticality." Do you know which npm packages have write access to your secrets? If AntV is in your dependency tree, how quickly did you know about this incident?

Action Items for Your Team

Implement Mandatory MFA for Package Publishing Accounts

Require hardware security keys for publishing access. Set the policy today and enforce it by the end of the quarter.

Deploy Automated Dependency Monitoring

Use tools like Socket, Snyk, or Phylum to flag suspicious package behavior in real time. Configure alerts for:

  • New maintainers added to dependencies
  • Packages with unusual network activity
  • Rapid version releases
  • Installation scripts accessing sensitive paths

Segregate Build Environments from Credential Stores

Your CI/CD pipeline should not have direct filesystem access to developer credentials. Use:

  • Dedicated secret management tools
  • Short-lived tokens with minimal scope
  • Separate IAM roles for build vs. deployment
  • Network segmentation between build agents and production infrastructure

Create a Dependency Emergency Response Process

When a compromise list is published, quickly determine:

  1. If you use the affected packages
  2. Which environments are exposed
  3. What credentials might be compromised
  4. Whether you can roll back or need to rebuild

Document this process now.
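
For step 1 of the process above, one way to check a lockfile against a published compromise list (an added example, not code from SafeDep or npm). It assumes a `package-lock.json` with lockfileVersion 2 or 3, already parsed with `JSON.parse`, and a list of `name@version` strings; the function names and every package name and version are constructed placeholders.

```javascript
// Added example. Package names and versions are constructed placeholders.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromLockPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// lock: parsed package-lock.json; compromised: array of "name@version" strings.
// Returns one finding per installed copy, nested (transitive) copies included.
function findCompromised(lock, compromised) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    // A v1 lockfile has no "packages" map; fail loudly instead of reporting clean.
    throw new Error("lockfile has no 'packages' map (lockfileVersion 2 or 3 needed)");
  }
  const bad = new Set(compromised.map((s) => s.trim()).filter(Boolean));
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "" || entry.link) continue; // root project or workspace symlink
    // Prefer an explicit name when the entry carries one, else derive it from the path.
    const name = entry.name || nameFromLockPath(path);
    if (!name || !entry.version) continue;
    if (bad.has(`${name}@${entry.version}`)) {
      findings.push({
        name,
        version: entry.version,
        path,                                              // where the copy is installed
        devOnly: entry.dev === true,                       // only reached via devDependencies
        hasInstallScript: entry.hasInstallScript === true, // runs code at install time
      });
    }
  }
  return findings;
}

// Constructed sample input.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@example-viz/core": { version: "5.2.1" },
    "node_modules/@example-viz/util": { version: "3.0.0" },
    "node_modules/report-kit": { version: "2.4.0", dev: true },
    "node_modules/report-kit/node_modules/@example-viz/util":
      { version: "3.0.9", dev: true, hasInstallScript: true },
  },
};
const sampleList = ["@example-viz/core@5.2.2", "@example-viz/util@3.0.9"];
console.log(findCompromised(sampleLock, sampleList));
```

The sample shows why the check walks every lockfile entry: the top-level copy of the utility package is clean, while the copy nested under a dev dependency matches the list.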

Review Your 130 Most Sensitive File Paths

Audit paths targeted by the Mini-Shai-Hulud worm, such as ~/.ssh/, ~/.aws/credentials, and browser credential stores. Use OS-level access controls to restrict access.

Verify Packages Before Merging, Not Before Deploying

Move dependency review to your pull request process. Configure branch protection rules that require:

  • Dependency diff review for every PR
  • Automated security scanning blocking merges
  • Manual approval for new direct dependencies

The 22-minute attack window exists because most teams verify dependencies after installation. Shift verification upstream for better security.
