Zapier’s npm account has been compromised, and the Shai Hulud malware has been injected into 425 packages currently distributed across the npm ecosystem.
The attack represents a significant supply chain threat, with the affected packages collectively generating approximately 132 million monthly downloads across critical infrastructure and development tools.
The malware-laden packages span multiple high-profile organizations, including AsyncAPI, ENS Domains, PostHog, Postman, and Zapier itself.
Among the compromised packages are widely used libraries such as @zapier/mcp-integration, @posthog/nextjs, @asyncapi/cli, and @postman/secret-scanner-wasm, all tools commonly integrated into production environments and development pipelines worldwide.
Worm Propagation and Secondary Infections
According to Aikido Security, the Shai Hulud malware operates as a self-propagating worm, utilizing a staging mechanism embedded within setup_bun.js to spread to dependent packages.
When executed during package installation, the malware writes initial staging code to the bundleAssets function, which then attempts to locate or download the Bun runtime environment.
If successful, the worm executes the bun_environment.js payload, which serves as the primary malicious component.
The propagation technique demonstrates a sophisticated understanding of npm’s installation process and build pipelines.
The malware checks for Bun’s availability across multiple system paths and configurations, attempts to install it if missing, and manipulates environment variables to ensure execution. This multi-platform approach affects Windows, Linux, and macOS systems.
Beyond execution of malicious code, the Shai Hulud variant extracts sensitive credentials and secrets from infected systems.
These secrets are automatically published to GitHub repositories with randomized names and a consistent description: “Sha1-Hulud: The Second Coming.”
Current analysis reveals approximately 26,300 exposed repositories containing leaked credentials, representing a secondary attack vector for threat actors.
This credential exfiltration substantially increases the attack’s impact, as stolen API keys, authentication tokens, and other secrets enable further lateral movement, unauthorized access to cloud infrastructure, and potential compromise of connected services and accounts.
Analysis of the attack infrastructure reveals critical mistakes made by the threat actors.
Researchers discovered numerous compromised packages containing the initial staging code (setup_bun.js) without the corresponding worm payload (bun_environment.js).
Important Compromised Packages from Zapier NPM Attack
| Package Name | Organization | Use Case | Risk Level |
|---|---|---|---|
| @zapier/mcp-integration | Zapier | Model Context Protocol Integration | Critical |
| @zapier/ai-actions | Zapier | AI Actions Module | High |
| @zapier/zapier-sdk | Zapier | Zapier Platform SDK | Critical |
| @posthog/nextjs | PostHog | Next.js Analytics Plugin | Critical |
| @posthog/cli | PostHog | Command Line Interface | High |
| @posthog/plugin-server | PostHog | Event Processing Server | Critical |
| @asyncapi/cli | AsyncAPI | AsyncAPI CLI Tool | Critical |
| @asyncapi/generator | AsyncAPI | API Documentation Generator | High |
| @asyncapi/parser | AsyncAPI | Schema Parser | High |
| @postman/secret-scanner-wasm | Postman | Secret Scanning (WASM) | Critical |
| @postman/postman-mcp-cli | Postman | Model Context Protocol CLI | Critical |
| @postman/pm-bin-linux-x64 | Postman | Postman Linux Binary | Critical |
| @ensdomains/ensjs | ENS Domains | ENS JavaScript Library | High |
| @ensdomains/ens-contracts | ENS Domains | Smart Contracts | High |
| posthog-js | PostHog | JavaScript Analytics | Critical |
| posthog-node | PostHog | Node.js Analytics | Critical |
| zapier-platform-cli | Zapier | Zapier CLI Platform | Critical |
| zapier-platform-core | Zapier | Zapier Core Library | Critical |
This inconsistency, staging code present but the worm payload missing, appears to stem from incomplete deployment or misconfiguration during the attack execution.
The absence of the primary malicious payload in a subset of infected packages has temporarily limited the attack’s overall impact.
However, the staging code alone poses a significant risk, as it establishes persistence mechanisms and could be updated remotely with functional malware payloads.
The npm community and all organizations utilizing affected Zapier packages must immediately audit their dependencies and implement detection measures.
Users should review package installations from the past several hours, rotate compromised credentials, and monitor systems for indicators of compromise, including unexpected runtime downloads or GitHub repository creation.
This incident underscores the persistent vulnerability of centralized package repositories to compromise.
It highlights the critical importance of supply chain security practices, dependency management, and continuous monitoring of package integrity.
