NPM package distribution – supply chain poisoning
Published: December 4, 2025
Overview:
Multiple NPM packages were compromised in late 2025 through account takeovers and malicious code injection. These incidents demonstrate ongoing risks in open-source package ecosystems and highlight the need for stronger package-hardening and supply-chain security controls. Applications that pull updates from NPM should have automatic downloads disabled, and all packages obtained from NPM should be reviewed before they are applied.
Summary
The NPM website, its distribution mechanisms and the associated software repositories (e.g., GitHub repos) have repeatedly been compromised, resulting in malicious code being installed into applications and creating vulnerabilities.
Recent incidents include:
- Sept. 23, 2025 CIRA Alert – Malicious releases published via compromised maintainer credentials.
- Nov. 26, 2025 Datadog 'Shai Hulud 2.0' NPM worm – Worm propagating via NPM installs, establishing persistence and exfiltrating credentials.
- Dec. 1, 2025 NPM compromise – Re-emergence of malicious package uploads after incomplete cleanup.
Attack vectors and impacts include:
- Developer account credential theft
- Hijacked GitHub repos used to push new releases that include malicious code changes
- Dependency confusion attacks (malicious packages masquerading as legitimate packages on publicly available repos)
- Exposure of API keys, encryption keys and sensitive data
Indicators of compromise:
- Domain name used during the malware initialization: bun.sh – please note that this is a legitimate domain that is currently being abused as a callback domain
- The name of the GitHub repository created for exfiltration matches [0-9a-z]
- Files created on a compromised endpoint: setup_bun.js, bun_environment.js
Recommendations:
- Supply chain hardening:
  - Use package integrity verification (npm audit, npm audit signatures, Sigstore, or official NPM package signing when available).
  - Enforce zero-trust installation in CI: lockfiles, version pinning, disabling installation of new transitive dependencies.
  - Monitor and restrict use of packages with small or single-maintainer teams, which are higher-risk.
- Credential & token hygiene:
  - Rotate all tokens used for publishing or installing private NPM packages.
  - Enforce MFA on NPM publisher accounts.
  - Remove unused automation tokens or developer access.
- Monitoring & detection:
  - Add alerts for anomalous outbound traffic matching known IOCs (including bun.sh).
  - Use EDR/AV to monitor creation of suspicious JS files (e.g., setup_bun.js, bun_environment.js).
What to do if you are compromised:
- Inform the Incident Response team (security.response@utoronto.ca)
- Immediately remove affected package versions
- Rotate credentials that may have been exposed
- Review CI/CD secrets and access tokens
- Rebuild systems from clean sources
- Conduct outbound traffic analysis
- Check for persistence mechanisms
References:
- Sept. 23, 2025: Widespread supply chain compromise impacting npm ecosystem | Cybersecurity & Infrastructure Security Agency
- Nov. 26, 2025: Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More | The Hacker News
- Dec. 1, 2025: The Shai-Hulud 2.0 npm worm: analysis, and what you need to know | Datadog Security Labs
Support:
As always, please let us know if you have any questions or concerns or see unusual activity on your systems that you believe might be associated with this or any other vulnerability. Please send these communications to security.response@utoronto.ca.
