{"id":72789,"date":"2026-05-20T08:02:41","date_gmt":"2026-05-20T08:02:41","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/github-worm-hits-npm-packages-with-16m-downloads\/"},"modified":"2026-05-20T08:02:41","modified_gmt":"2026-05-20T08:02:41","slug":"github-worm-hits-npm-packages-with-16m-downloads","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/github-worm-hits-npm-packages-with-16m-downloads\/","title":{"rendered":"GitHub Worm Hits npm Packages With 16M Downloads"},"content":{"rendered":"<p><b>(Originally posted on : Bitcoin News )<\/b><br \/>\n<\/p>\n<div>\n<p><span style=\"font-weight:400\"><\/p>\n<div class=\"@container mb-[25px] rounded-sm overflow-clip py-0.5 pr-0.5 pl-2.5 bg-success-100\">\n<div class=\"flex flex-col gap-m overflow-clip rounded-[6px] !bg-success-10 p-3 @[420px]:p-m\">\n<h2 class=\"m-0 flex items-center gap-s text-[19px] !text-[#1c1c1c] md:text-[20px]\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"16\" height=\"10\" viewbox=\"0 0 16 10\" fill=\"none\" class=\"shrink-0 text-success-100\" aria-hidden=\"true\"><path d=\"M1 1.5h14\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><path d=\"M1 8.5h10\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><span>Key Takeaways<\/span><\/h2>\n<ul class=\"m-0 flex list-none flex-col gap-m pl-0\">\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">Mini Shai-Hulud exploited GitHub Actions on May 19, compromising 300+ npm packages across 16M weekly downloads.<\/span><\/li>\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">The malware installs a dead-man\u2019s switch that wipes the developer\u2019s machine if the stolen npm token is revoked.<\/span><\/li>\n<li 
class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">GitHub responded May 20 with staged publishing, bulk OIDC onboarding, and a plan to deprecate legacy npm tokens.<\/span><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<p><\/span><\/p>\n<h2><span style=\"font-weight:400\">Mini Shai-Hulud Exploits GitHub Actions to Hit 16 Million Weekly Downloads<\/span><\/h2>\n<p><span style=\"font-weight:400\">The Mini Shai-Hulud campaign, attributed to the threat group Team PCP, does not work the way most supply chain attacks do. Rather than stealing a developer\u2019s credentials and publishing directly, the attacker forks a target repository on GitHub and opens a pull request that triggers a `pull_request_target` workflow, which, unlike a plain `pull_request` workflow, runs with the target repository\u2019s secrets and a read-write token.<\/span><\/p>\n<p><span style=\"font-weight:400\">That run poisons the GitHub Actions cache with a malicious pnpm store. Later builds that restore the cache pick up the attacker\u2019s code, so the infected versions are published through the project\u2019s legitimate release pipeline: they carry valid signatures and pass SLSA provenance checks, making them appear completely clean to standard security tooling.<\/span><\/p>\n<p><span style=\"font-weight:400\">On May 19, the latest wave struck the AntV data visualization ecosystem as <a href=\"https:\/\/snyk.io\/blog\/mini-shai-hulud-antv-npm-supply-chain-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">attackers gained access<\/a> to a compromised maintainer account in the @atool namespace and published more than 300 malicious package versions across 323 packages in a 22-minute automated burst.<\/span><\/p>\n<p><span style=\"font-weight:400\">Among the affected packages is echarts-for-react, a React wrapper for Apache ECharts with <\/span><a href=\"https:\/\/www.infoworld.com\/article\/4173277\/antv-data-visualization-tool-the-latest-to-be-hit-by-ongoing-npm-supply-chain-attacks.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight:400\">roughly 1.1 million weekly downloads<\/span><\/a><span style=\"font-weight:400\">. The collective weekly download count across all affected packages in this wave is estimated at around 16 million.<\/span><\/p>\n
<p><span style=\"font-weight:400\">The most alarming technical detail is what happens if a developer tries to intervene. The malware installs a dead-man\u2019s switch: a shell script that polls GitHub\u2019s API every 60 seconds to check whether the npm token it created has been revoked. That token carries the description \u201cIfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner,\u201d and if a developer revokes it, the script immediately wipes the infected machine\u2019s home directory.<\/span><\/p>\n<p><span style=\"font-weight:400\">The malware also harvests credentials from GitHub, AWS, Azure, GCP, Kubernetes, HashiCorp Vault, and over 90 developer tool configurations before spreading laterally across connected cloud infrastructure.<\/span><\/p>\n<h2>One Attack, Multiple Casualties<\/h2>\n<p><span style=\"font-weight:400\">The campaign simultaneously hit the Python Package Index (PyPI): three malicious versions of Microsoft\u2019s official durabletask Python SDK were published on May 19, silently downloading and executing a 28 KB credential-stealing payload capable of moving across AWS, Azure, and GCP environments after initial execution.<\/span><\/p>\n
<p><span style=\"font-weight:400\">GitHub responded on May 20 with an announcement outlining three core changes to npm publishing: bulk OIDC onboarding to help organizations migrate hundreds of packages to trusted publishing at scale, expanded OIDC provider support beyond GitHub Actions and GitLab, and a new staged publishing model that holds each new version in a review window before it goes live and requires multi-factor authentication (MFA) approval to release it.<\/span><\/p>\n<figure id=\"attachment_815583\" aria-describedby=\"caption-attachment-815583\" style=\"width:730px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-815583\" title=\"GitHub Worm Hits npm Packages With 16M Downloads\" src=\"https:\/\/static.news.bitcoin.com\/wp-content\/uploads\/2026\/05\/github-actions-hijacked-in-dev-wiping-npm-supply-chain-attack2_nwmk.jpg\" alt=\"GitHub Worm Hits npm Packages With 16M Downloads\" width=\"730\" height=\"352\" srcset=\"https:\/\/static.news.bitcoin.com\/wp-content\/uploads\/2026\/05\/github-actions-hijacked-in-dev-wiping-npm-supply-chain-attack2_nwmk-300x145.jpg 300w, https:\/\/static.news.bitcoin.com\/wp-content\/uploads\/2026\/05\/github-actions-hijacked-in-dev-wiping-npm-supply-chain-attack2_nwmk.jpg 730w\" sizes=\"auto, (max-width: 730px) 100vw, 730px\"\/><figcaption id=\"caption-attachment-815583\" class=\"wp-caption-text\">Image source: X<\/figcaption><\/figure>\n<p><span style=\"font-weight:400\">The company also plans to deprecate legacy classic tokens, migrate users to FIDO-based 2FA, and disallow token-based publishing by default. In the earlier wave of the campaign in September 2025, GitHub removed over 500 compromised packages from the npm registry.<\/span><\/p>\n<p><span style=\"font-weight:400\">Blockchain security firm SlowMist had <\/span><a href=\"https:\/\/news.bitcoin.com\/slowmist-node-ipc-supply-chain-attack-npm-2026\/\"><span style=\"font-weight:400\">raised an early warning on May 14<\/span><\/a><span style=\"font-weight:400\"> after flagging three malicious versions of node-ipc, a package with 822,000 weekly downloads, as part of the same campaign.
<\/span><\/p>\n<p><span style=\"font-weight:400\">Developers using any of the flagged packages have been advised to audit their dependency trees immediately, to rotate all credentials without first revoking the malicious npm token (revocation triggers the wiper), and to check the indicators of compromise published by Snyk, Wiz, Socket.dev, and StepSecurity.<\/span><\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/news.bitcoin.com\/mini-shai-hulud-npm-github-actions-supply-chain-attack-2026\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : Bitcoin News ) Key Takeaways Mini Shai-Hulud exploited GitHub Actions on May 19, compromising 300+ npm packages across 16M weekly downloads. The malware installs a dead-man\u2019s switch that wipes the developer\u2019s machine if the stolen npm token is revoked. GitHub responded May 20 with staged publishing, bulk OIDC onboarding, and a [&hellip;]<\/p>\n","protected":false},"author":3947362404,"featured_media":72790,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/72789"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/3947362404"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=72789"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/72789\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/
blog\/wp-json\/wp\/v2\/media\/72790"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=72789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=72789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=72789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
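The attack path the article's first section describes (a fork pull request firing a `pull_request_target` workflow that checks out the PR head and runs a dependency install with the base repository's secrets, leaving a poisoned pnpm store in the shared Actions cache) is visible in the workflow file itself. The script below is an added example, not code from the article, Bitcoin News, GitHub, or any vendor named on the page: it embeds two constructed workflows, one with the risky combination and one hardened, and runs a line-oriented check over each. The workflow texts, the `RISKY_WORKFLOW`/`HARDENED_WORKFLOW` names, the `scan_workflow` function and its regexes are all my constructions; real repositories would be scanned by reading `.github/workflows/*.yml`.

```python
"""Flag GitHub Actions workflows that combine the ingredients of a
fork-PR cache-poisoning attack: a privileged `pull_request_target`
trigger, a checkout of the untrusted PR head, and a dependency install
or cache step that runs that head's code with the base repo's secrets.

Added example; the two workflows below are constructed samples, not
taken from any real repository."""
import re

# Constructed sample, the risky pattern: the job runs in the base
# repository's context (secrets + write token), checks out the PR head,
# then runs `pnpm install`, which executes the PR's lifecycle scripts
# and lets the PR write into the cache that later builds restore.
RISKY_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: pnpm/action-setup@v4
      - uses: actions/cache@v4
        with:
          path: ~/.local/share/pnpm/store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
      - run: pnpm install --frozen-lockfile
      - run: pnpm test
"""

# Constructed sample, hardened: the plain `pull_request` trigger runs
# fork PRs with a read-only token and no secrets, permissions are
# minimal, and lifecycle scripts are disabled during install.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
      - run: pnpm install --frozen-lockfile --ignore-scripts
      - run: pnpm test
"""

PRIVILEGED_TRIGGER = re.compile(r"^\s*pull_request_target\s*:", re.M)
UNTRUSTED_REF = re.compile(r"pull_request\.head\.(sha|ref)|github\.head_ref")
RUNS_DEPENDENCIES = re.compile(r"\b(pnpm|npm|yarn)\s+(install|ci|i)\b|actions/cache@")
BROAD_PERMS = re.compile(r"^\s*permissions\s*:\s*write-all", re.M)


def scan_workflow(text: str) -> list[str]:
    """Return findings; an empty list means the risky chain is absent."""
    findings = []
    if not PRIVILEGED_TRIGGER.search(text):
        return findings  # pull_request runs without secrets: nothing to chain
    if UNTRUSTED_REF.search(text):
        findings.append("pull_request_target checks out the PR head: untrusted code runs with base-repo secrets")
    if RUNS_DEPENDENCIES.search(text):
        findings.append("dependency install / cache step runs in the privileged context: lifecycle scripts and cache poisoning")
    if BROAD_PERMS.search(text):
        findings.append("permissions: write-all widens the blast radius of a hijacked run")
    return findings


def is_risky(text: str) -> bool:
    return bool(scan_workflow(text))


if __name__ == "__main__":
    for name, wf in (("risky", RISKY_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, scan_workflow(wf) or "no findings")
```

The check is deliberately line-oriented rather than a full YAML parse, so it can run over every workflow in an organisation without extra dependencies; the trade-off is that a `pull_request_target` workflow which never checks out the PR head and never runs its code is still flagged only if an install or cache step is present, which is the combination that matters here.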
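The closing advice in the article (audit dependency trees, then check the indicators of compromise published by Snyk, Wiz, Socket.dev and StepSecurity) can be applied mechanically to an npm lockfile. The script below is an added example and is not code from the article or from any of those vendors: it parses a `package-lock.json` in the lockfileVersion 2/3 layout, flags any (name, version) pair that appears in an IoC list, and separately lists every dependency that declares install scripts (the lockfile's `hasInstallScript` field), since lifecycle scripts are where a payload like the one described would run. The lockfile and the `IOC_VERSIONS` entries are constructed placeholders; the version strings are fake and exist only so the example has a hit, and must be replaced with the vendors' published lists before real use.

```python
"""Audit an npm package-lock.json against known-bad package versions and
list dependencies that carry install scripts.

Added example; the lockfile and IoC entries below are constructed and
the version numbers are placeholders, not real indicators."""
import json

# Constructed placeholder IoCs: package name -> set of bad versions.
# "9.9.9-bad" / "9.9.8-bad" are fake versions, not published indicators.
IOC_VERSIONS = {
    "echarts-for-react": {"9.9.9-bad"},
    "node-ipc": {"9.9.8-bad", "9.9.9-bad"},
}

# Constructed sample lockfile (lockfileVersion 3: every installed package
# appears under "packages" keyed by its node_modules path).
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/echarts-for-react": {
            "version": "9.9.9-bad",
            "resolved": "https://registry.npmjs.org/echarts-for-react/-/echarts-for-react-9.9.9-bad.tgz",
            "hasInstallScript": True,
        },
        "node_modules/node-ipc": {"version": "1.0.0"},
        "node_modules/react": {"version": "18.2.0"},
        "node_modules/node-ipc/node_modules/dep-with-script": {
            "version": "2.0.0",
            "hasInstallScript": True,
        },
    },
})


def package_name(path: str) -> str:
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b'."""
    return path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(text: str, iocs=IOC_VERSIONS) -> dict:
    """Return IoC matches and install-script packages found in the lockfile."""
    lock = json.loads(text)
    if lock.get("lockfileVersion", 0) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate with npm >= 7")
    hits, scripted = [], []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        name, version = package_name(path), meta.get("version", "")
        if version in iocs.get(name, ()):
            hits.append((name, version))
        if meta.get("hasInstallScript"):
            scripted.append((name, version))
    return {"ioc_hits": hits, "install_scripts": scripted}


if __name__ == "__main__":
    report = audit_lockfile(SAMPLE_LOCKFILE)
    for kind, rows in report.items():
        print(kind, rows or "none")
```

To run it against a real project, read the project's `package-lock.json` into `audit_lockfile` and pass the vendor IoC lists as `iocs`; nested entries such as `node_modules/a/node_modules/b` are handled, so transitive dependencies are covered, not just the top-level ones.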