Recursive package infection is a supply chain attack pattern where a compromised package uses stolen credentials or trusted automation to publish more compromised packages. The result is self-propagating spread through normal developer tooling and publishing paths, which makes containment dependent on identity and process controls as much as on malware detection.
Expanded Definition
Recursive package infection is a supply chain attack pattern in which a compromised package is used as a delivery mechanism for additional malicious packages. The infection is “recursive” because the attacker leverages trusted publishing workflows, stolen credentials, or automation tokens to keep the chain of compromise moving through normal software distribution paths.
In NHI terms, this is not just a code integrity problem. It is a non-human identity problem involving package registry credentials, CI/CD tokens, API keys, signing keys, and delegated publish rights. Guidance varies across vendors on whether the defining feature is self-propagation, trust abuse, or recursive abuse of package maintainers, but the operational reality is the same: an identity with publish authority becomes the infection vector. For governance context, see the NIST Cybersecurity Framework 2.0 and the broader NHI lifecycle controls described by NHI Mgmt Group.
The most common misapplication is treating recursive package infection as a malware-only event, which occurs when teams ignore the identity path that allowed the compromised package to publish onward.
Examples and Use Cases
Implementing controls for recursive package infection rigorously often introduces friction in release engineering, requiring organisations to weigh publishing speed against stronger identity verification and tighter automation boundaries.
- A maintainer account is phished, and the attacker uses registry access to publish a backdoored dependency that then gets pulled into downstream builds.
- A compromised CI/CD token is reused to publish multiple packages under trusted namespaces, expanding the blast radius beyond the first infected artifact.
- An internal package mirror caches a tainted version, then distributes it through standard developer tooling before detection catches up.
- A malicious package inherits trust because a build pipeline signs or republishes it automatically, turning automation into a propagation channel.
- The LiteLLM PyPI package breach illustrates how stolen credentials can transform a package event into broader NHI exposure, especially when publish rights and secrets are not tightly governed.
In practice, this term overlaps with dependency confusion, package hijacking, and maintainer compromise, but it is specifically about the recursive spread enabled by trusted publishing paths. Package provenance controls, registry hardening, and secret hygiene are all part of the response, and the NIST security model for identify, protect, and recover helps frame the operational workflow.
Why It Matters in NHI Security
Recursive package infection matters because the attacker is not relying on a single compromised host. They are exploiting NHI sprawl across maintainers, automation, and publishing infrastructure. NHIMG research shows that 96% of organisations store secrets outside of secrets managers, and that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys. That combination makes package ecosystems especially vulnerable when credentials are reused, overprivileged, or left unattended.
This is also where Zero Trust thinking becomes practical, not theoretical. Package publish rights should be treated as high-risk privileges, not routine convenience, and mapped to controls in the NIST Cybersecurity Framework 2.0. Incident response often needs both artifact quarantine and NHI revocation, because the compromised identity can continue spreading malicious packages even after the first malicious release is removed.
Organisations typically encounter the full operational impact only after a suspicious dependency update or downstream build compromise, at which point recursive package infection becomes unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Recursive infection often begins with abused NHI secrets and publish credentials. |
| NIST CSF 2.0 | PR.AA-01 | Identity proofing and access control are central when package publishing is abused. |
| NIST Zero Trust (SP 800-207) | SP 800-207 | Zero Trust limits implicit trust in automation and package publishing paths. |
Treat registry and CI/CD publish identities as high-value assets and enforce strict authorization.
Related resources from NHI Mgmt Group
- How should teams reduce risk from malicious npm package installs?
- When does a compromised developer package become a major security risk?
- When should teams treat a package compromise as a cloud security event?
- How should security teams protect npm and package publishing workflows from identity compromise?