
Four Malicious npm Packages Downloaded 3,000 Times

Between late 2024 and early 2025, four malicious packages appeared on the npm registry and accumulated 3,006 downloads before removal. One package, chalk-tempalte (note the misspelling), contained a direct clone of the Shai-Hulud worm's open-source code. The others delivered infostealers and the Phantom Bot DDoS malware. OX Security identified and reported the packages, but the incident exposes how easily attackers exploit typo-squatting and open-source malware against dependency-heavy development pipelines.

Timeline

Late 2024 to Early 2025: Four packages published to npm registry using typo-squatting techniques and legitimate-sounding names.

During active period: Packages downloaded 3,006 times across various projects and organizations.

Detection and removal: OX Security identified the malicious packages; npm removed them following disclosure.

Post-incident: An unknown number of infected systems remain active, as the packages executed on installation.

Which Controls Failed or Were Missing

No Automated Dependency Verification

Organizations lacked automated tools to verify package names against a known-good list before installation. A typo like "tempalte" instead of "template" should trigger a warning, but most teams rely on developers to manually catch these errors during npm install.

Missing Pre-Installation Security Scanning

The packages executed malicious code during installation through npm lifecycle scripts. No scanning occurred between the developer typing npm install chalk-tempalte and the malware executing with the developer's local privileges. This is the critical window where infostealer and botnet payloads establish persistence.

No Behavioral Monitoring Post-Installation

Once installed, the packages made network connections to command-and-control infrastructure and exfiltrated credentials. Standard endpoint detection tools should flag this behavior, but many development workstations run with reduced monitoring to avoid interfering with build processes.

Inadequate Supply Chain Risk Assessment

The decision to use external dependencies without evaluating maintainer reputation, package age, download counts, or recent activity created exposure. The malicious packages had minimal download history and no established maintainer track record—both red flags that went unnoticed.

What the Standards Require

PCI DSS v4.0.1 Requirement 6.3.2

"Security of bespoke and custom software and software components is managed throughout the software development life cycle." This includes third-party components. You must inventory all dependencies, assess their security posture, and verify integrity before use. The requirement explicitly covers open-source libraries.

OWASP Top 10 2021: A06 Vulnerable and Outdated Components

Using components with known vulnerabilities—or in this case, malicious components—represents a critical risk. The guidance recommends removing unused dependencies, obtaining components from official sources only, and monitoring for security advisories. Typo-squatted packages violate the "official sources" principle.

NIST 800-53 Rev 5: SA-12 Supply Chain Protection

Control SA-12 requires organizations to "employ supply chain protection mechanisms to limit harm from potential adversaries." This includes validating software integrity and authenticity. Installing packages without cryptographic verification or reputation checking fails this control.

ISO/IEC 27001:2022 Annex A.8.30: Outsourced Development

When you install third-party code, you're outsourcing development to unknown maintainers. The standard requires you to "ensure that security is addressed within the supply chain" and verify that suppliers implement appropriate security measures. Blindly trusting npm packages violates this requirement.

Lessons and Action Items for Your Team

Implement Typo-Squatting Detection

Deploy a tool that compares requested package names against your approved dependency list using Levenshtein distance or similar algorithms. Flag any package name within 1-2 character edits of a known-good package. This catches "tempalte" before installation.

Action: Add a pre-commit hook or CI check that runs npm install in dry-run mode and validates all package names against an allowlist or a typo-detection service.
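
One way to implement the name check described above, as an added example that is not from the original article or from OX Security. It uses the transposition-aware variant of Levenshtein distance, under which "tempalte" is one edit from "template" (plain Levenshtein counts two); the allowlist, the sample manifest and the function names are assumptions made for illustration.

```javascript
// Added example. APPROVED and SAMPLE_MANIFEST are constructed sample data.

// Levenshtein distance extended with adjacent transpositions (optimal string
// alignment), so swapping two neighbouring letters costs one edit, not two.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// One finding per dependency that is not approved. A name within maxEdits of
// an approved name is reported together with the package it imitates.
function checkManifest(manifest, approved, maxEdits = 2) {
  const names = Object.keys({
    ...manifest.dependencies,
    ...manifest.devDependencies,
    ...manifest.optionalDependencies,
  });
  const findings = [];
  for (const name of names) {
    if (approved.includes(name)) continue;
    let best = null;
    for (const good of approved) {
      const distance = editDistance(name.toLowerCase(), good.toLowerCase());
      if (distance <= maxEdits && (best === null || distance < best.distance)) {
        best = { lookalikeOf: good, distance };
      }
    }
    findings.push(best
      ? { name, verdict: "possible-typosquat", ...best }
      : { name, verdict: "not-on-allowlist" });
  }
  return findings;
}

const APPROVED = ["chalk", "chalk-template", "express", "lodash"];
const SAMPLE_MANIFEST = {
  dependencies: { chalk: "*", "chalk-tempalte": "*", express: "*" },
  devDependencies: { "left-pad": "*" },
};
console.log(checkManifest(SAMPLE_MANIFEST, APPROVED));
```

In CI, fail the job when the returned array is non-empty. A threshold of two edits produces false positives on very short package names, so those are better handled by exact allowlist match only.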

Block Installation-Time Script Execution

Configure npm to ignore install scripts by default using npm config set ignore-scripts true. When you need a legitimate install script, explicitly allow it after manual review. This breaks the automatic execution path that delivered the malware payloads.

Action: Set ignore-scripts=true in your organization's .npmrc file. Document the approval process for packages that require install scripts.
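
To support that approval process, the following added example (not from the original article) lists lockfile entries that declare install-time scripts and have not been reviewed. It relies on the hasInstallScript flag that npm records in package-lock.json at lockfileVersion 2 and 3; the sample lockfile, its versions, the @scope/native-addon name and the reviewed list are constructed.

```javascript
// Added example. SAMPLE_LOCK and REVIEWED are constructed; versions are
// placeholders and do not describe the real packages.

// The lockfile "packages" map is keyed by install path, for example
// "node_modules/a/node_modules/b". The package name is whatever follows the
// last "node_modules/" segment, which also keeps "@scope/name" intact.
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// Returns every entry that would run preinstall/install/postinstall code and
// is not on the reviewed list. Approvals are pinned to name@version, so a
// version bump of an approved package needs a fresh review.
function auditInstallScripts(lock, reviewed) {
  if (!lock.packages) {
    throw new Error("no 'packages' map: lockfileVersion 1 is not supported");
  }
  const pending = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "" || !meta.hasInstallScript) continue; // "" is the root project
    const id = `${nameFromPath(path)}@${meta.version}`;
    if (!reviewed.has(id)) pending.push({ id, path });
  }
  return pending;
}

const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/esbuild": { version: "0.21.5", hasInstallScript: true },
    "node_modules/chalk": { version: "5.3.0" },
    "node_modules/chalk-tempalte": { version: "0.0.0-placeholder", hasInstallScript: true },
    "node_modules/@scope/native-addon": { version: "2.0.1", hasInstallScript: true },
  },
};
const REVIEWED = new Set(["esbuild@0.21.5", "@scope/native-addon@2.0.0"]);
console.log(auditInstallScripts(SAMPLE_LOCK, REVIEWED));
```

Because it reads only the lockfile, the check can run before any npm install step touches the build machine.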

Scan Dependencies Before They Touch Your System

Run security scanners against your package.json and package-lock.json files before installation. Tools like Socket, Snyk, or GitHub's Dependency Review API can identify suspicious packages based on behavioral analysis, not just known CVEs.

Action: Add a CI step that fails the build if any dependency lacks minimum reputation criteria: at least 100 weekly downloads, a maintainer with multiple published packages, and no recent ownership transfers.

Monitor Development Workstations

The infostealer and DDoS bot payloads executed on developer machines, which often have access to source code, credentials, and production systems. Apply the same endpoint detection and response (EDR) tooling to development workstations that you use in production.

Action: Deploy EDR agents on all developer machines with policies that flag unexpected network connections, credential access, and process injection—even if it means occasional false positives during legitimate development.

Audit Your Current Dependencies

The malicious packages accumulated 3,006 downloads before removal. Some of those installations persist in locked node_modules directories and container images. Run a retroactive scan of all projects to identify if you pulled any of the four packages during the active period.

Action: Search your artifact repositories and container registries for the specific package names reported by OX Security. Check Git history for commits that added suspicious dependencies during the relevant timeframe.

Establish Dependency Approval Gates

Require security team review before adding new direct dependencies to production applications. This doesn't scale for transitive dependencies, but it forces developers to justify why they need a new package and creates an opportunity to evaluate its risk profile.

Action: Update your development standards to require a Jira ticket and security team approval before adding any new dependency to package.json. Include maintainer reputation and download statistics in the approval criteria.

The Shai-Hulud clone demonstrates how open-sourcing malware accelerates attack velocity. When worm code becomes public, any attacker can package it for distribution through trusted channels like npm. Your controls must assume that malicious packages will reach your registry—the question is whether they'll reach your systems.
