The npm Attack That Quietly Spread Across the Internet

A dangerous software supply chain attack just shook the JavaScript and Python world.

The attack is being called “Mini Shai-Hulud,” and it infected more than 170 npm and PyPI packages. Some of these packages were connected to very popular developer tools and companies including TanStack, UiPath, Mistral AI, and OpenSearch.

Millions of developers download packages from npm and PyPI every week. That is what made this attack so scary. A single hidden piece of code had the potential to spread across thousands of apps, systems, and developer machines.

The most worrying part is how simple the attack started.

It began with a poisoned GitHub pull request.

That one pull request slowly opened the door to a much bigger infection.

To understand this attack, you first need to understand how modern software is built.

Today, developers rarely write everything from scratch. Instead, they install small reusable packages from places like npm and PyPI. These packages save time and help developers build apps faster.

But there is a problem.

If even one popular package gets hacked, the damage can spread everywhere.

That is exactly what happened here.

Attackers managed to compromise 84 versions connected to the TanStack ecosystem. Hidden inside these packages was a malicious file called router_init.js.

At first glance, it looked normal.

But behind the scenes, it was stealing secrets from developer systems.

The malware searched for:

These secrets are extremely valuable because they can give attackers direct access to company infrastructure, cloud accounts, repositories, and production systems.

This is why supply chain attacks are becoming one of the biggest cybersecurity threats in the world.

Hackers no longer need to attack companies directly.

Instead, they attack the tools developers trust.

What made Mini Shai-Hulud especially dangerous was its ability to spread itself.

This was not just a simple password stealer.

The malware also tried to propagate like a worm.

Once it found stolen GitHub credentials, it attempted to infect more repositories automatically. That means one compromised developer account could lead to many more infected projects.

This creates a chain reaction.

One package infects another.

Then another.

Then another.

That is how the attack managed to spread into more than 170 packages.

Security researchers say the malware even added persistence mechanisms inside Visual Studio Code. Persistence means the malware tried to stay active even after developers restarted their systems.

That is a huge red flag because it shows the attackers wanted long-term access.

Even more alarming, the malware reportedly included a “wipeout switch.”

If attackers believed their stolen tokens had been revoked, the malware could trigger destructive behavior to erase traces or damage systems.

That takes the attack from simple theft into something much more aggressive.

Most people outside tech do not realize how much the internet depends on open-source packages.

A single modern web app may use thousands of dependencies.

Developers install them with one command and usually trust that everything is safe.

For example:

That one command can download hundreds or even thousands of packages automatically.

The problem is that developers often never inspect the actual code.

There is simply too much of it.

Hackers know this.

So instead of attacking big companies directly, they hide malicious code inside trusted ecosystems.

This strategy is becoming very common.

In recent years, the software world has seen attacks involving:

Mini Shai-Hulud is now another example added to that growing list.

At first, this might sound like a problem only programmers care about.

But the effects can reach everyone.

Think about it this way.

Apps used by millions of people are built using these packages.

If attackers compromise a widely used package, they could potentially affect:

This is why software supply chain security has become a global concern.

Governments and cybersecurity agencies are now paying close attention to these attacks because they can spread incredibly fast.

One infected dependency can quietly move through the internet before anyone notices.

The good news is that the attack was discovered relatively quickly.

Security monitoring tools like Socket helped identify suspicious activity.

After the malware was detected:

This quick response probably prevented much larger damage.

Still, the attack is another reminder that modern software ecosystems remain extremely fragile.

Security experts are advising developers to take several steps immediately.

If a developer used any affected package, they should rotate all tokens and credentials.

This includes:

Even if there is no proof of theft, it is safer to assume credentials may have been exposed.

Many teams automatically install the latest package versions.

That is convenient but risky.

Experts recommend pinning exact dependency versions instead of blindly accepting updates.

This reduces the chance of accidentally downloading a malicious release.

Some companies now delay package updates for several hours or days before deploying them internally.

Why?

Because many malicious packages get discovered quickly after release.

A small waiting period can act like a safety filter.

Developers are also being encouraged to use security scanning tools that monitor dependencies for suspicious behavior.

Modern security tools can detect:

These tools are becoming essential as supply chain attacks grow more advanced.

The modern internet runs on trust.

A huge amount of software infrastructure is maintained by small open-source teams, unpaid maintainers, or random developers on the internet.

That system helped technology grow incredibly fast.

But now attackers understand how vulnerable it really is.

One compromised maintainer account can create chaos across thousands of companies.

One poisoned update can spread worldwide in hours.

And most developers will never notice until security researchers sound the alarm.

That is the uncomfortable reality behind modern software development.

There is another growing concern.

AI coding tools are making developers move faster than ever.

Tools like copilots, AI agents, and automated coding assistants encourage rapid dependency usage. Developers now generate code and install packages at massive speed.

That increases productivity.

But it also increases risk.

When teams move too fast, security reviews often become weaker.

Attackers know developers are under pressure to ship products quickly. That makes supply chain attacks even more effective.

In the future, we may see malware specifically designed to target AI-generated workflows.

That possibility is making cybersecurity experts nervous.

Mini Shai-Hulud may sound like the name of a sci-fi creature, but the threat behind it is very real.

This attack showed how a single poisoned pull request could spread across more than 170 packages and potentially reach millions of systems.

It also revealed a bigger truth about the internet.

Modern software is deeply interconnected.

Every app depends on layers of code written by strangers across the world. Most of the time that system works beautifully.

But when trust breaks, the consequences spread fast.

For developers, this attack is another wake-up call.

Open source is powerful, but trust alone is no longer enough.

The future of software will depend not only on speed and innovation, but also on how seriously the industry treats security.

—Sushila

Subscribe to my newsletter if not already done. Here. You can also connect with me on X and Medium