TL;DR: The second Shai-Hulud campaign weaponised trojanised npm packages to steal developer tokens, CI/CD secrets, cloud metadata, and GitHub access while spreading through compromised maintainer accounts, affecting more than 25,000 repositories and 425 packages with roughly 132 million monthly downloads, according to Orca Security. Package trust is no longer just a code-review problem; install-time execution, maintainer tokens, and pipeline identity controls now define the real blast radius.
NHIMG editorial — based on content published by Orca Security covering the Shai-Hulud npm supply chain campaign: LLMjacking-inspired credential abuse and package compromise analysis
By the numbers:
- In some bursts, about 1,000 new repositories were being added every 30 minutes.
Questions worth separating out
Q: What breaks when a malicious npm package can run install-time scripts?
A: The trust boundary breaks at the point of installation, because the package is no longer just a dependency.
Q: Why do compromised maintainer tokens create more risk than a single bad package?
A: A compromised maintainer token turns registry trust into a propagation path.
Q: How can security teams tell whether secret exposure from package installs is contained?
A: Containment is real only when exposed credentials are revoked, replacement identities are least privileged, and the build and repository estate has been searched for persistence markers.
Practitioner guidance
- Inventory package publishing identities Identify every npm publishing token, GitHub credential, and automation identity that can publish to your registries.
- Disable or constrain install-time scripts Review whether preinstall and postinstall hooks are necessary in your environments.
- Rotate and revoke exposed secrets immediately Treat any exposed npm, GitHub, or cloud credential as compromised until proven otherwise.
What's in the full article
Orca Security's full blog post covers the operational detail this post intentionally leaves for the source:
- A full package-by-package appendix of the compromised npm ecosystem and affected namespaces.
- The specific install-stage payload files and workflow artefacts used to establish persistence and exfiltration.
- Detailed remediation guidance for cache cleanup, dependency rebuilds, and token rotation across developer and CI/CD identities.
- Infrastructure indicators such as suspicious branch names, runner registration patterns, and artifact handling behaviour.
👉 Read Orca Security's analysis of the Shai-Hulud npm supply chain campaign →
Shai-Hulud in npm: what it means for NHI governance?
Explore further
Package trust is now an identity problem, not just a software integrity problem: The campaign works because the build ecosystem treats package provenance as if it were sufficient assurance. It is not, because install-time execution turns a dependency into an active identity-bearing actor with access to secrets, metadata, and pipeline state. Practitioners need to treat package execution, publishing tokens, and workflow permissions as one governance plane, not separate hygiene tasks.
A few things that frame the scale:
- AI-related credential leaks surged 81.5% year-over-year in 2025, according to the State of Secrets Sprawl 2026.
- 64% of valid secrets leaked in 2022 are still valid and exploitable today, according to the State of Secrets Sprawl 2026.
A question worth separating out:
Q: What should organisations do when npm supply chain compromise is suspected?
A: Start by removing the compromised packages, clearing build caches, rebuilding from clean dependencies, and rotating any token that could have been present during install. Then inspect GitHub workflows, runner registrations, and repository history for persistence, because a package compromise often leaves behind identity-based footholds.
👉 Read our full editorial: Shai-Hulud npm supply chain attack exposes NHI trust gaps