Shai Hulud v2: How to Check If Your npm Project Is Compromised (November 2025)
Check if your project is affected by the npm supply chain attack. This guide helps you quickly verify whether your JavaScript dependencies were compromised.
What Happened?
In late November 2025, a self-replicating npm worm called "Shai Hulud v2" compromised over 800 legitimate npm packages. If you've installed or updated packages between November 21-23, 2025, you might be affected.
This isn't a small thing. The attack hit packages from major organizations including PostHog, Zapier, ENS Domains, AsyncAPI, Postman, and Browserbase. Combined, these packages have over 20 million weekly downloads.
Here's what the malware does:
- Steals your secrets - Environment variables, API keys, SSH keys, npm tokens
- Exfiltrates to GitHub - Creates a public "Shai-Hulud" repo under your account with stolen credentials
- Self-replicates - Uses stolen npm tokens to compromise other packages you maintain
The scary part? Over 11,000 secrets were exposed publicly on GitHub, and more than 2,000 were still valid when discovered.
Quick Check: Is Your Project Affected?
I've put together a simple way to check your projects using any AI coding agent. This works with Claude Code, Cursor, Windsurf, GitHub Copilot, or any AI assistant that can run commands and fetch URLs. You can also do it manually if you prefer.
Using an AI Agent (Fastest Method)
Copy this prompt into your AI coding agent while in your project directory:
Check if this project is affected by the Shai Hulud v2 supply chain attack.
1. Fetch the IOC list from: https://blog.ehsan.it/shai-hulud-v2-ioc.json
2. Get all dependencies using: npm ls --all --json (or yarn info --name-only --all for yarn projects)
3. Cross-reference installed packages against the IOC list
4. For matches, check the EXACT version in package-lock.json or yarn.lock
5. Compare with compromised versions - only specific versions are malicious
Report findings with:
- Package name
- Your installed version vs compromised version(s)
- Status: SAFE or COMPROMISED
That's it. The agent will fetch the IOC list, check your dependencies, and tell you if you're affected.
Manual Verification
If you prefer to check manually, here's the process:
Step 1: Get the IOC (Indicators of Compromise) list
Download the JSON file with all compromised packages from https://blog.ehsan.it/shai-hulud-v2-ioc.json (the same IOC list the agent prompt above fetches):
Step 2: List all your dependencies
# For npm
npm ls --all 2>/dev/null | grep -E "(@|[a-z])" > my-deps.txt
# For yarn
yarn info --name-only --all 2>/dev/null | sort -u > my-deps.txt
# For pnpm
pnpm ls --depth=Infinity --json | grep '"name":' | sort -u > my-deps.txt
Step 3: Search for high-risk packages
# Quick check for commonly affected scopes
grep -iE "@asyncapi/|@posthog/|@postman/|@zapier/|@ensdomains/|@voiceflow/|@browserbasehq/" my-deps.txt
Step 4: Verify exact versions
Finding a package name isn't enough - you need to check the exact version. For example:
@asyncapi/specs at a version that is not in the IOC list = SAFE
@asyncapi/specs at 6.8.2, 6.8.3, 6.9.1 or 6.10.1 (see the table below) = COMPROMISED
Check your lockfile:
# yarn.lock
grep -A 5 "@asyncapi/specs@" yarn.lock
# package-lock.json
grep -A 5 '"@asyncapi/specs"' package-lock.json
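A script that does the cross-reference the agent prompt and the manual steps above describe, added here as an example (not code from the original post or from npm). It reads exact installed versions from a parsed package-lock.json or from `npm ls --all --json` output; the IOC file's JSON layout is an assumption, so adapt the loader to the real file, and the sample lockfile is constructed:

```javascript
// Added example, not from the original post or from npm: check EXACT installed versions
// against a Shai Hulud v2 IOC list, from a parsed package-lock.json (v2/v3) or from
// `npm ls --all --json`. ASSUMPTION: the IOC file is shaped { "<pkg>": ["<ver>", ...] };
// adapt the loader if it differs. The entries below are copied from the post's table.
const IOC = {
  'posthog-js': ['1.297.3'],
  'posthog-node': ['4.18.1', '5.11.3', '5.13.3'],
  '@asyncapi/parser': ['3.4.1', '3.4.2'],
  '@asyncapi/specs': ['6.8.2', '6.8.3', '6.9.1', '6.10.1'],
  'kill-port': ['2.0.2', '2.0.3'],
};

// package-lock.json v2/v3: keys of "packages" look like "node_modules/@scope/name" or
// "node_modules/a/node_modules/b" (nested). "" is the root project; links are skipped.
function installedFromLock(lock) {
  const out = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === '' || entry.link || !entry.version) continue;
    const i = key.lastIndexOf('node_modules/');
    if (i >= 0) out.push({ name: key.slice(i + 'node_modules/'.length), version: entry.version });
  }
  return out;
}

// `npm ls --all --json`: walk the nested "dependencies" tree.
function installedFromNpmLs(tree, out = []) {
  for (const [name, dep] of Object.entries(tree.dependencies || {})) {
    if (dep.version) out.push({ name, version: dep.version });
    installedFromNpmLs(dep, out);
  }
  return out;
}

// A package name alone is not a finding: only the listed versions are malicious.
function findCompromised(installed, ioc = IOC) {
  return installed
    .filter(({ name, version }) => (ioc[name] || []).includes(version))
    .map(({ name, version }) => `${name}@${version}`);
}

// Constructed lockfile fragment so the example runs stand-alone.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'my-app', version: '1.0.0' },
  'node_modules/@asyncapi/specs': { version: '6.8.2' },
  'node_modules/posthog-node': { version: '5.12.0' },      // not a listed version
  'node_modules/foo/node_modules/kill-port': { version: '2.0.3' },
  'node_modules/local-pkg': { link: true, resolved: '../local-pkg' },
} };
console.log(findCompromised(installedFromLock(sampleLock)));
// prints [ '@asyncapi/specs@6.8.2', 'kill-port@2.0.3' ]
```

To run it against a real project, replace `sampleLock` with `JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))` and load the downloaded IOC file the same way.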
High-Profile Compromised Packages
Here are some of the most downloaded packages that were compromised:
| Package | Compromised Versions |
|---------|---------------------|
| posthog-js | 1.297.3 |
| posthog-node | 4.18.1, 5.11.3, 5.13.3 |
| @asyncapi/parser | 3.4.1, 3.4.2 |
| @asyncapi/specs | 6.8.2, 6.8.3, 6.9.1, 6.10.1 |
| @ensdomains/ensjs | 4.0.3 |
| @browserbasehq/stagehand | 3.0.4 |
| @posthog/icons | 0.36.1 |
| kill-port | 2.0.2, 2.0.3 |
| coinmarketcap-api | 3.1.2, 3.1.3 |
| mcp-use | 1.4.2, 1.4.3 |
The full list contains 795 packages. Check the complete IOC list for all affected packages and versions.
What To Do If You're Affected
If you find compromised packages in your project, take these steps immediately:
1. Don't Run Any Scripts
Stop. Don't run npm install, yarn, npm start, or any other command until you've cleaned up. The malware executes during install via the preinstall hook.
2. Clean Your Project
# Remove infected packages
rm -rf node_modules
rm package-lock.json # or yarn.lock
# Update package.json to use safe versions
# Then reinstall
npm install
3. Rotate ALL Credentials
This is critical. The malware steals environment variables and secrets. Assume everything is compromised:
- API keys (AWS, GCP, Azure, Stripe, etc.)
- Database credentials
- OAuth tokens and refresh tokens
- SSH keys
- npm and GitHub tokens
- CI/CD secrets
- Any passwords in .env files
4. Check for Unauthorized Access
- Review your GitHub account for repos named "Shai-Hulud"
- Check your npm account for unexpected package publications
- Audit cloud provider logs for unusual activity
How This Attack Works
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Compromised │────▶│ preinstall │────▶│ Steal secrets │
│ package install │ │ hook executes │ │ from .env, SSH │
└─────────────────┘ └──────────────────┘ └─────────────────┘
│
▼
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Worm spreads to │◀────│ Uses stolen │◀────│ Upload to │
│ your packages │ │ npm token │ │ GitHub repo │
└─────────────────┘ └──────────────────┘ └─────────────────┘
The attack is clever. It:
- Hijacks maintainer npm accounts (likely through credential stuffing or phishing)
- Publishes malicious patch versions with a preinstall hook - The hook runs immediately when you install the package
- Steals all environment variables and creates a public GitHub repo with them
- Uses your npm token to compromise packages you maintain
- Repeats for every developer who installs the infected package
The worm spreads without any command-and-control server. It's completely autonomous.
Prevention: How to Protect Your Projects
Use Lockfiles Properly
# Always commit your lockfile
git add package-lock.json # or yarn.lock
git commit -m "Update lockfile"
# Use exact versions for critical packages
npm config set save-exact true
Enable Security Scanning
Set up automated security monitoring:
# Socket.dev CLI (best for supply chain attacks)
npm install -g @socketsecurity/cli
socket scan
# npm audit (built-in)
npm audit
# Snyk
npx snyk test
Review Package Updates Carefully
Before updating, especially patch versions:
- Check the package's GitHub for recent activity
- Look at the diff between versions
- Be suspicious of unexpected patch releases
Use npm's ignore-scripts for Initial Installs
# Install without running scripts first
npm install --ignore-scripts
# Then run scripts after reviewing
npm rebuild
Timeline of Events
- September 2025: First Shai Hulud attack discovered
- November 21-23, 2025: Shai Hulud v2 malicious versions published
- November 24, 2025: Security researchers identify the second wave
- November 26, 2025: Most compromised packages removed from npm
Resources
- Socket.dev - Shai Hulud Strikes Again (v2) - Original disclosure
- Wiz Blog - Shai Hulud 2.0 Analysis
- Datadog IOC Repository
- CISA Advisory
- Full IOC List (JSON)
Frequently Asked Questions
How do I know if my credentials were leaked?
Check GitHub for repositories named "Shai-Hulud" under your account or search for your username on GitHub. The attackers created public repos with stolen secrets. GitGuardian also published analysis of exposed credentials.
Is it safe to use the affected packages now?
Most compromised versions have been removed from npm. However, always verify you're using a clean version by checking against the IOC list. When in doubt, pin to a version released before November 21, 2025.
Why didn't npm catch this?
Supply chain attacks through hijacked maintainer accounts are hard to detect. The malicious code was obfuscated and the packages were legitimate until compromised. This highlights the need for tools like Socket.dev that analyze package behavior, not just known vulnerabilities.
Does this affect yarn/pnpm users too?
Yes. This is an npm registry attack, so any package manager that pulls from npm is affected. yarn, pnpm, and bun users should check their projects too.
Should I be worried about Maven/Java projects?
Yes, actually. The attack spread to Maven Central too. The package org.mvnpm:posthog-node:4.18.1 contains the same malware. If you're using npm packages in your Java build, check those as well.
Stay safe out there. Supply chain attacks are becoming more sophisticated, and checking your dependencies regularly is now essential. Bookmark this page and run the check on all your active projects.