
npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry

In response to the ongoing Mini Shai-Hulud supply chain campaign, npm has invalidated all granular access tokens that bypass two-factor authentication. The threat actors have been harvesting credentials from CI/CD environments to automate the publishing of malicious package versions, successfully bypassing existing controls like OIDC Trusted Publishing. To provide a more robust defense, npm has introduced an opt-in Staged Publishing feature that requires interactive MFA approval for automated releases.

Sens: Immediate · Conf: high · Analyzed: 2026-05-22 · Google

Authors: Sarah Gooding

Actors: Mini Shai-Hulud, TeamPCP

Source: Socket

IOCs · 5

  • @tanstack/react-router (npm_package): Legitimate package targeted with malicious versions during the Mini Shai-Hulud campaign.
  • canvas-nest.js (npm_package): Legitimate package targeted with malicious versions during the Mini Shai-Hulud campaign.
  • echarts-for-react (npm_package): Legitimate package targeted with malicious versions during the Mini Shai-Hulud campaign.
  • size-sensor (npm_package): Legitimate package targeted with malicious versions during the Mini Shai-Hulud campaign.
  • timeago.js (npm_package): Legitimate package targeted with malicious versions during the Mini Shai-Hulud campaign.


What Happened

npm, a major software registry, recently forced a reset of specific access tokens to stop an ongoing cyberattack known as Mini Shai-Hulud. This attack targets software developers by stealing their passwords and secret keys to publish malicious code into popular software packages. This matters because millions of users download these packages, potentially exposing their own systems to the attackers. Developers should rotate their compromised credentials immediately and consider enabling npm's new 'Staged Publishing' feature to require manual approval before new code goes live.

Key Takeaways

  • npm invalidated all granular access tokens with write access that bypass 2FA to disrupt the Mini Shai-Hulud supply chain campaign.
  • The Mini Shai-Hulud campaign has compromised over 1,000 package versions across npm, PyPI, and Composer by harvesting credentials from CI environments and developer machines.
  • Attackers successfully bypassed OIDC Trusted Publishing in recent attacks by extracting tokens from runner memory or hijacking the trusted publisher binding.
  • npm introduced 'Staged Publishing' in public preview, requiring interactive MFA approval for CI-driven package releases to prevent automated malicious publishes.

Affected Systems

  • npm registry
  • CI/CD pipelines (GitHub Actions, GitLab CI/CD, CircleCI)
  • Developer workstations
  • JavaScript ecosystem

Attack Chain

Attackers compromise CI/CD environments or developer machines to harvest credentials, including npm granular access tokens, OIDC tokens, and various cloud/API keys. Using these stolen credentials, the attackers authenticate to package registries like npm. They then automate the publishing of malicious versions of legitimate packages maintained by the compromised accounts. These poisoned packages are subsequently downloaded by downstream users, further propagating the credential theft worm.

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: No
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No

The article discusses the threat and mitigation strategies but does not provide specific detection rules or queries.

Detection Engineering Assessment

  • EDR Visibility: Medium. EDR can detect anomalous processes spawning from CI/CD runners or unauthorized access to sensitive credential files on developer endpoints.
  • Network Visibility: Low. Publishing actions to npm occur over encrypted HTTPS channels, making network-level inspection of the payload difficult without SSL decryption.
  • Detection Difficulty: Hard. The attackers use legitimate credentials and native publishing mechanisms (like OIDC Trusted Publishing), making malicious publishes blend in with normal developer activity.

Required Log Sources

  • CI/CD Audit Logs
  • npm Registry Audit Logs
  • Endpoint Process Execution Logs
  • File Access Logs

Hunting Hypotheses

  • Hypothesis: Consider hunting for anomalous access to credential stores or configuration files (e.g., AWS, GCP, SSH keys) by unexpected processes on developer workstations.
    • Telemetry: File Access Logs, EDR Process Events
    • ATT&CK Stage: Credential Access
    • FP Risk: Medium
  • Hypothesis: If you have visibility into CI/CD runners, consider hunting for unauthorized processes extracting environment variables or memory contents.
    • Telemetry: EDR Process Events, Memory Access Logs
    • ATT&CK Stage: Credential Access
    • FP Risk: Medium
  • Hypothesis: Consider hunting for unexpected package publish events in registry audit logs that occur outside of standard release windows or CI/CD pipelines.
    • Telemetry: Registry Audit Logs
    • ATT&CK Stage: Execution
    • FP Risk: Low

Control Gaps

  • Lack of MFA for automated CI/CD publishes
  • Overly permissive CI/CD runner environments exposing secrets in memory
  • Insufficient monitoring of OIDC token usage

Key Behavioral Indicators

  • Anomalous memory access on CI/CD runners
  • Unexpected outbound connections from CI/CD pipelines to unauthorized endpoints
  • Rapid, automated publishing of multiple package versions across different namespaces
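
One way to hunt for the rapid multi-package publishing indicator above, written as an added example that is not part of the original article or of Socket's tooling. It assumes you have already fetched the registry package documents for the packages you watch; the package names, timestamps, and the helper names publishEvents and findPublishBursts are constructed for illustration.

```javascript
// Added example, not from the source article. `time` mirrors the npm registry
// package document (version -> publish timestamp). Sample data is constructed.
const SAMPLE_PACKUMENTS = [
  { name: "@example-a/router", time: { created: "2024-02-01T10:00:00.000Z",
    "1.0.0": "2024-02-01T10:00:00.000Z", "1.0.1": "2026-03-01T02:14:05.000Z" } },
  { name: "@example-b/charts", time: { "2.3.0": "2025-06-12T15:30:00.000Z",
    "2.3.1": "2026-03-01T02:14:40.000Z", "2.3.2": "2026-03-01T02:15:10.000Z" } },
  { name: "example-timefmt", time: {
    "4.0.0": "2025-06-12T15:31:00.000Z", "4.0.1": "2026-03-01T02:16:00.000Z" } },
];

// Flatten every watched package into one time-ordered list of publish events.
function publishEvents(packuments) {
  const events = [];
  for (const doc of packuments) {
    for (const [version, iso] of Object.entries(doc.time || {})) {
      if (version === "created" || version === "modified") continue; // bookkeeping keys
      const ts = Date.parse(iso);
      if (!Number.isNaN(ts)) events.push({ name: doc.name, version, ts });
    }
  }
  return events.sort((a, b) => a.ts - b.ts);
}

// Group events separated by at most maxGapMs, then report only the groups that
// touch at least minPackages distinct packages.
function findPublishBursts(packuments, { maxGapMs = 5 * 60 * 1000, minPackages = 3 } = {}) {
  const bursts = [];
  let cluster = [];
  const flush = () => {
    const packages = [...new Set(cluster.map((e) => e.name))].sort();
    if (packages.length < minPackages) return;
    bursts.push({ start: new Date(cluster[0].ts).toISOString(), packages,
      versions: cluster.map((e) => `${e.name}@${e.version}`) });
  };
  for (const ev of publishEvents(packuments)) {
    if (cluster.length && ev.ts - cluster[cluster.length - 1].ts > maxGapMs) {
      flush();
      cluster = [];
    }
    cluster.push(ev);
  }
  if (cluster.length) flush();
  return bursts;
}

console.log(JSON.stringify(findPublishBursts(SAMPLE_PACKUMENTS), null, 2));
```

Coordinated monorepo releases also publish several packages within minutes, so tune minPackages and maxGapMs against your own release history and check any hit against CI/CD audit logs before escalating.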

False Positive Assessment

  • Low

Recommendations

Immediate Mitigation

  • Verify against your organization's incident response runbook and team escalation paths before acting.
  • Consider rotating all npm granular access tokens, especially those used in CI/CD environments.
  • Evaluate whether to rotate other potentially exposed credentials, including GitHub tokens, cloud provider keys, and SSH keys, if a compromise is suspected.

Infrastructure Hardening

  • Consider migrating to npm's OIDC Trusted Publishing to reduce reliance on long-lived static credentials.
  • If applicable, evaluate enabling npm's new Staged Publishing feature to require interactive MFA approval for CI-driven releases.
  • Consider enforcing the minimumReleaseAge setting in package managers (like pnpm, npm, Yarn) to delay the installation of newly published package versions.

User Protection

  • Consider implementing strict least-privilege access for developer workstations to limit the impact of credential harvesting malware.
  • Evaluate whether to restrict access to sensitive configuration files on developer machines.

Security Awareness

  • Consider training developers on the risks of supply chain attacks and the importance of securing local credential stores.
  • Evaluate incorporating CI/CD security best practices into existing developer onboarding and security awareness programs.

MITRE ATT&CK Mapping

  • T1552.004 - Unsecured Credentials: Private Keys
  • T1552.007 - Unsecured Credentials: API Keys
  • T1078 - Valid Accounts
  • T1195.002 - Supply Chain Compromise: Compromise Software Supply Chain
  • T1528 - Steal Application Access Token

Additional IOCs

  • Other:
    • Nx Console v18.95.0 - Poisoned version of the Nx Console Visual Studio Code extension published by attackers to deliver credentials.