npm has reset all bypass-2FA automation tokens following a sophisticated supply chain attack dubbed “Mini Shai-Hulud.” The attack targeted npm’s publishing infrastructure, exploiting automation tokens that could bypass two-factor authentication requirements. All affected users must regenerate their automation tokens and review their publishing workflows. This incident highlights critical vulnerabilities in package registry security and the ongoing risks to JavaScript supply chains.
Introduction
The npm registry, hosting over 2.5 million packages and serving billions of downloads weekly, has executed an emergency security reset of all automation tokens capable of bypassing two-factor authentication. This drastic measure follows the detection of the “Mini Shai-Hulud” attack, named after the sandworms in Dune, which attempted to burrow through npm’s security layers to compromise the JavaScript supply chain.
The attack specifically targeted bypass-2FA tokens—special credentials designed for CI/CD pipelines and automated publishing workflows. While these tokens serve legitimate operational purposes, their compromise could enable attackers to publish malicious package versions without triggering 2FA protections, potentially affecting millions of downstream users.
This incident represents one of the most significant npm security events since the 2022 OAuth token compromise and underscores the persistent threat to open-source package ecosystems.
Background & Context
npm’s automation token system was designed to balance security with developer convenience. When npm mandated 2FA for top package maintainers in 2022, automation tokens provided a necessary exception for CI/CD systems that couldn’t interactively complete 2FA challenges.
These bypass-2FA tokens possess elevated privileges:
- Publish packages without 2FA verification
- Update package metadata and dependencies
- Manage package access and permissions
- Operate with account-level privileges
The “Mini Shai-Hulud” moniker references both the attack’s tunneling methodology and its potential to consume trust across the ecosystem. Unlike previous supply chain attacks that targeted individual packages, this campaign aimed at the infrastructure layer itself.
Supply chain attacks on npm have escalated dramatically. The 2021 ua-parser-js incident, the 2022 node-ipc protestware, and numerous typosquatting campaigns have eroded developer confidence. Each incident refines attacker techniques, with this latest attack demonstrating unprecedented sophistication in targeting authentication bypass mechanisms.
npm’s parent company, GitHub, detected suspicious activity on February 2025 through anomaly detection systems monitoring token usage patterns across publishing workflows.
Technical Breakdown
The Mini Shai-Hulud attack employed a multi-stage approach to compromise npm’s publishing infrastructure:
Stage 1: Token Harvesting
Attackers targeted multiple vectors to collect bypass-2FA tokens:
- Exposed tokens in public GitHub repositories
- Compromised CI/CD configurations
- Phishing campaigns targeting maintainers
- Potential exploitation of token generation APIs
Stage 2: Token Validation
The threat actors systematically tested harvested tokens against npm’s API to identify valid, active credentials:
# Example of token validation technique
curl -H "Authorization: Bearer npm_XXXXX" \
https://registry.npmjs.org/-/npm/v1/user
Stage 3: Reconnaissance
Valid tokens were used to enumerate packages, access levels, and publishing permissions:
# Package enumeration
npm access ls-packages --json
Stage 4: Payload Preparation
Attackers prepared malicious package versions designed to:
- Inject cryptocurrency miners
- Establish persistence mechanisms
- Exfiltrate environment variables and secrets
- Create backdoors for future access
Detection Indicators
npm’s security team identified the attack through several anomalies:
- Unusual geographic token usage patterns
- Rapid successive publish attempts from single tokens
- Publishing outside normal maintainer schedules
- Tokens accessing packages beyond typical scope
The attack’s infrastructure revealed connections to previous npm supply chain incidents, suggesting an organized threat actor with specific npm expertise.
Impact & Risk Assessment
Immediate Impact:
- All bypass-2FA tokens invalidated on February 15, 2025
- Estimated 50,000+ automation workflows disrupted
- CI/CD pipelines requiring immediate token regeneration
- Temporary publishing delays for automated releases
Security Implications:
High-severity risks included:
- Unauthorized package publishing capability
- Potential for widespread malware distribution
- Compromise of popular packages affecting millions
- Trust degradation in npm ecosystem
Affected Parties:
- Package maintainers using automation tokens
- Organizations with CI/CD npm publishing workflows
- Enterprise users dependent on npm packages
- Open-source projects with automated releases
Risk Metrics:
- CVSS-style severity: 8.5/10 (High)
- Potential reach: 2.5M+ packages
- User exposure: Billions of weekly downloads
- Attack sophistication: Advanced persistent threat level
The attack window remains under investigation, but evidence suggests reconnaissance began in late 2024, with active exploitation attempts detected in early February 2025.
Vendor Response
npm and GitHub responded swiftly to the detected compromise:
Immediate Actions (February 15, 2025):
- Emergency revocation of all bypass-2FA automation tokens
- Enhanced monitoring of publishing activities
- Notification to affected package maintainers
- Public disclosure via npm blog and security advisories
Communication Timeline:
- Feb 15: Initial detection and token reset
- Feb 15: Email notifications to token holders
- Feb 16: Public security advisory published
- Feb 17: Detailed incident report released
GitHub’s Official Statement:
“Out of an abundance of caution and in response to suspicious activity, we have reset all npm automation tokens with 2FA bypass capabilities. No evidence indicates successful malicious package publication, but we are conducting thorough forensic analysis.”
Enhanced Security Measures:
npm announced several improvements:
- Granular token permissions with time-based expiration
- Enhanced anomaly detection for publishing activities
- Mandatory token rotation policies
- Improved audit logging for automation tokens
GitHub committed to a full incident post-mortem within 30 days, with recommendations for ecosystem-wide security improvements.
Mitigations & Workarounds
Immediate Actions for Maintainers:
- Regenerate Automation Tokens:
# Login to npm
npm login# Generate new automation token
npm token create –read-only=false –cidr=YOUR_CIDR_RANGE
- Update CI/CD Configurations:
For GitHub Actions:
- name: Publish to npm
run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
Update NPM_TOKEN secret with newly generated token.
- Implement IP Restrictions:
# Create token with CIDR restrictions
npm token create --cidr=192.168.1.0/24,10.0.0.0/8
- Enable Enhanced Audit Logging:
# Review token usage
npm token list
Organizational Security Measures:
- Conduct immediate token inventory and audit
- Implement secret scanning across repositories
- Review recent package publications for anomalies
- Enable npm’s enhanced publishing verification
Short-term Workarounds:
For disrupted workflows:
- Use manual publishing with 2FA until tokens regenerated
- Implement temporary approval gates
- Leverage npm’s publish verification features
Detection & Monitoring
Token Compromise Indicators:
Monitor for these suspicious activities:
- Unexpected Publishing Events:
# Check recent package versions
npm view PACKAGE_NAME versions --json
- Unusual Token Access Patterns:
- Logins from unexpected geolocations
- Access outside normal working hours
- High-frequency API requests
Monitoring Tools:
Deploy these detection mechanisms:
# Install npm audit monitoring
npm install -g npm-audit-monitor# Configure webhook alerts
npm hook add your-package https://your-webhook-url
SIEM Integration:
Configure log forwarding for npm activities:
- Token generation events
- Package publish actions
- Access permission changes
- Failed authentication attempts
GitHub Advanced Security:
Enable secret scanning for npm tokens:
# .github/workflows/security.yml
- uses: github/secret-scanning-review-action@v1
Third-party Solutions:
Consider specialized supply chain security tools:
- Socket.dev for dependency monitoring
- Snyk for vulnerability scanning
- Phylum for automated package analysis
Best Practices
Token Management:
- Principle of Least Privilege:
– Create package-specific tokens when possible
– Limit token scope to required operations
– Implement time-based token expiration
- Token Rotation:
– Establish 90-day rotation policies
– Automate token renewal processes
– Maintain token usage documentation
- Secure Storage:
– Never commit tokens to repositories
– Use dedicated secret management systems
– Encrypt tokens in CI/CD configurations
Publishing Security:
- Multi-Person Authorization:
– Require multiple maintainer approval for critical packages
– Implement code review for package updates
– Use signed commits and releases
- Automated Security Scanning:
{
"scripts": {
"prepublishOnly": "npm audit --audit-level=high"
}
}
- Provenance Attestation:
# Publish with provenance
npm publish --provenance
Organizational Policies:
- Maintain inventory of all npm packages owned
- Document publishing workflows and token usage
- Conduct regular security audits of dependencies
- Implement supply chain security training
- Establish incident response procedures
Monitoring and Alerting:
- Configure real-time alerts for package publications
- Monitor dependency changes across projects
- Track npm security advisories
- Review package download anomalies
Key Takeaways
- Supply chain attacks continue evolving with increasing sophistication, targeting infrastructure-level vulnerabilities rather than individual packages.
- Automation tokens represent critical security boundaries requiring the same rigor as production credentials, despite their operational convenience.
- Token hygiene is non-negotiable in modern development workflows. Regular rotation, scope limitation, and monitoring are essential practices.
- Ecosystem-wide security requires collaboration between registry operators, package maintainers, and security researchers to detect and respond to threats.
- Immediate action required: All npm users with automation tokens must regenerate credentials and review publishing workflows within their organizations.
- Defense in depth matters: No single security control suffices. Combine 2FA, token restrictions, monitoring, and organizational policies.
- Transparency builds trust: npm’s rapid disclosure and response demonstrate maturity in handling security incidents, setting standards for registry operators.
The Mini Shai-Hulud attack serves as a critical reminder that supply chain security demands constant vigilance and proactive defense measures across the entire software development lifecycle.
References
- npm Security Advisory: Automation Token Reset (February 2025)
- GitHub Security Blog: npm Supply Chain Protection Updates
- npm Documentation: Token Management Best Practices
- CISA Supply Chain Compromise Guidelines
- OpenSSF Package Repository Security Framework
- npm CLI Documentation: Token Command Reference
- NIST SP 800-161: Cybersecurity Supply Chain Risk Management
- Sonatype 2024 State of Software Supply Chain Report
Stay updated at CyDhaal.com
📧 Subscribe to our newsletter @ https://cydhaal.com/newsletter/
