introduction

A major software supply chain attack has shaken the open-source JavaScript ecosystem: attackers hijacked several high-profile npm packages whose combined downloads exceed two billion per week. The attack leveraged phishing, account takeovers, and malicious code insertion, threatening the security of countless downstream projects and users.

incident overview and timeline

In July 2025, malicious actors orchestrated a sophisticated attack campaign against npm package maintainers, resulting in the unauthorized publication of trojanized versions of popular packages.

Key dates and facts: 

  • July 18, 2025: CrowdStrike observed adversaries modifying contents of multiple npm packages after successfully phishing an npm maintainer.
  • July 19, 2025: Attackers compromised the popular 'is' package by hijacking an old maintainer’s account, subsequently publishing malicious versions (3.3.1, 5.0.0) to the registry.
  • August 26, 2025: A separate, large-scale compromise targeted the widely used Nx build system package, with malicious versions released on this date.

For the affected packages, the malicious versions remained available for up to six hours before being detected and removed, a significant window considering the scale of weekly downloads.

attack methodology and technical breakdown

The campaign began with a phishing attack targeting npm maintainers. Attackers used spoofed login pages and typosquatted domains to steal credentials. Upon gaining access to accounts, attackers modified package contents and uploaded malicious versions.

Key technical details:

  • Malicious install scripts (such as install.js) executed on package installation.
  • DLL payloads (e.g., node-gyp.dll) were loaded via spawned processes (e.g., rundll32.exe) to evade detection.
  • Credential exfiltration: The malware read .npmrc files to steal npm authentication tokens, and deployed infostealer payloads aimed at browser data.
  • Ownership manipulation: Attackers exploited the trust between maintainers, bypassing notifications to gain persistent or restored access to popular packages.

For the Nx package, malware leveraged AI CLI tools (Claude, Gemini, Q) to scan for and extract secrets, including cryptocurrency wallets and developer tokens, automatically exfiltrating the information via attacker-created GitHub repositories.

affected packages and organizations

Several critical npm packages were compromised:

  • eslint-config-prettier (versions 8.10.1, 9.1.1, 10.1.6, 10.1.7): Over 30 million weekly downloads.
  • eslint-plugin-prettier (4.2.2, 4.2.3).
  • synckit (0.11.9).
  • @pkgr/core (0.2.8).
  • napi-postinstall (0.3.1).
  • is (3.3.1, 5.0.0): A key utility for JavaScript applications.
  • Nx build system (multiple malicious versions between August 26–27): A core automation platform in developer workflows.

Hundreds of organizations and untold numbers of software projects relying on these packages faced significant exposure, especially due to the packages' popularity and weekly traffic.

industry response and mitigation measures

After detection, affected packages were deprecated and clean versions restored. Security vendors and npm responded by:

  • Issuing urgent advisories.
  • Recommending that all maintainers enable two-factor authentication (2FA).
  • Advising users to audit .npmrc files, browser data, and access tokens if affected versions were installed.
  • Monitoring registries with automated tools, such as Xygeni’s Malware Early Warning (MEW), to flag suspicious package behavior.
  • Revoking compromised tokens (GitHub and npm) and patching vulnerabilities in package ownership workflows.

Mitigation recommendations include:

  • Mandatory 2FA for all maintainers.
  • Regular auditing of dependency lists for unusual package versions.
  • Immediate revocation and regeneration of compromised tokens.
  • Improved notification and transparency in package ownership changes.
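
One way to put the dependency-audit recommendation into practice, as an added example that is not part of this notice or of any vendor tool: a Node.js script that walks a parsed package-lock.json (lockfile v1 nested form and v2/v3 flat form) and reports any dependency pinned to one of the compromised versions listed in this notice. The version list is copied from the affected-packages section; the sample lockfile is constructed.

```javascript
// Added example (not from the advisory or any vendor tool): scan a parsed
// package-lock.json for the compromised versions listed in this notice.
const COMPROMISED_VERSIONS = {
  'eslint-config-prettier': ['8.10.1', '9.1.1', '10.1.6', '10.1.7'],
  'eslint-plugin-prettier': ['4.2.2', '4.2.3'],
  'synckit': ['0.11.9'],
  '@pkgr/core': ['0.2.8'],
  'napi-postinstall': ['0.3.1'],
  'is': ['3.3.1', '5.0.0'],
  'nx': ['21.5.0'], // notice says "21.5.0 and others"; extend from upstream advisories
};
// Lockfile v2/v3 keys entries by install path; the name is whatever follows
// the last "node_modules/" (scoped names such as @pkgr/core included).
function nameFromLockPath(lockPath) {
  const idx = lockPath.lastIndexOf('node_modules/');
  return idx === -1 ? lockPath : lockPath.slice(idx + 'node_modules/'.length);
}
// Return every {name, version, where} matching a compromised version, for
// lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages").
function findCompromised(lock) {
  const hits = [];
  const check = (name, version, where) => {
    const bad = COMPROMISED_VERSIONS[name];
    if (bad && bad.includes(version)) hits.push({ name, version, where });
  };
  if (lock.packages) {
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p !== '') check(nameFromLockPath(p), meta.version, p); // '' = root project
    }
    return hits;
  }
  const walkV1 = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${prefix}node_modules/${name}`;
      check(name, meta.version, where);
      walkV1(meta.dependencies, `${where}/`); // nested copies are reported too
    }
  };
  walkV1(lock.dependencies, '');
  return hits;
}
// Constructed sample lockfile (v3 shape) so the script runs offline.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app' },
  'node_modules/is': { version: '3.3.0' },
  'node_modules/eslint-config-prettier': { version: '10.1.7' },
  'node_modules/x/node_modules/@pkgr/core': { version: '0.2.8' },
} };
console.log(findCompromised(SAMPLE_LOCK));
```

For a real audit, replace SAMPLE_LOCK with the parsed contents of the project's own package-lock.json; a non-empty result means the affected tokens and browser data should be treated as exposed, as the advisory recommends.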

broader supply chain risks and recent patterns

This incident follows a pattern of increasingly frequent and impactful software supply chain attacks:

  • Similar techniques (phishing, typosquatting, malicious publishes) have emerged across registries, including both npm and PyPI.
  • Recent attacks combine scale and automation with both social and technical vectors, exploiting weak links in maintainer authentication and the open-source trust model.
  • AI-assisted reconnaissance and credential harvesting, as seen in the Nx attack, show evolving attacker sophistication.

background information

Software supply chain attacks occur when attackers compromise the upstream components or tools that other software projects rely upon. In the npm ecosystem, with its deep dependency chains, a single compromised package can cascade through thousands of projects.

Recent history has seen high-profile incidents such as the SolarWinds compromise and repeated package registry breaches, underscoring the importance of securing both human and machine aspects of software distribution.

tables and data

Table 1: Affected NPM Packages and Details

Package Name           | Malicious Versions            | CVE Assigned   | Weekly Downloads      | Attack Method
-----------------------|-------------------------------|----------------|-----------------------|----------------------------
eslint-config-prettier | 8.10.1, 9.1.1, 10.1.6, 10.1.7 | CVE-2025-54313 | >30 million           | Phishing, DLL infostealer
eslint-plugin-prettier | 4.2.2, 4.2.3                  | -              | Millions              | Phishing, DLL infostealer
synckit                | 0.11.9                        | -              | Hundreds of thousands | Phishing, DLL infostealer
@pkgr/core             | 0.2.8                         | -              | Tens of thousands     | Phishing, DLL infostealer
napi-postinstall       | 0.3.1                         | -              | Tens of thousands     | Phishing, DLL infostealer
is                     | 3.3.1, 5.0.0                  | -              | Millions              | Maintainer phishing, hijack
Nx                     | 21.5.0 and others             | -              | Millions              | AI-assisted infostealer

Table 2: Key Security Incident Metrics

Date            | Event                                    | Exposure Window                   | Estimated Impacted Repos/Users
----------------|------------------------------------------|-----------------------------------|-------------------------------
July 18, 2025   | Malicious npm packages published         | ~6 hours (eslint-config-prettier) | Not publicly disclosed
July 19, 2025   | 'is' package compromised                 | ~6 hours                          | Not publicly disclosed
Aug 26–27, 2025 | Nx AI attack releases malicious versions | ~8 hours (data exfil window)      | >400 users/orgs, >5500 repos

SUPPORTING DOCUMENTATION

  • CrowdStrike Falcon Prevents NPM Package Supply Chain Attacks, July 2025
  • Xygeni: A Closer Look at Software Supply Chain Attacks 2025
  • StepSecurity: Another npm Supply Chain Attack: The 'is' Package Compromise, July 2025
  • Wiz.io: s1ngularity: Supply Chain Attack Leaks Secrets on GitHub, August 2025
  • Infosecurity Magazine: Npm Package Hijacked to Steal Data and Crypto via AI, August 2025