The Reveal Platform
Intel Name: What we know about the npm supply chain attack
Date of Scan: September 18, 2025
Impact: High
Summary: On September 15, attackers launched a targeted phishing campaign to compromise NPM maintainer accounts and inject malicious code into popular JavaScript packages. The attack enabled supply chain compromise, affecting key packages used in application development and cryptography. One payload, Cryptohijacker, redirected cryptocurrency via API hijacking and has impacted organizations across North America and Europe. Another payload, the Shai-hulud worm, spreads through compromised packages, steals cloud tokens, and scans for secrets—though no detections have been confirmed yet. This incident highlights the growing threat to open-source ecosystems through highly targeted supply chain attacks.
