Shai Hulud’s “The Second Coming”: New npm Campaign Hits Zapier, ENS, Postman
Security teams face yet another npm supply chain emergency: a new wave of Shai Hulud, dubbed “The Second Coming.” The worm has trojanized hundreds of packages from major projects including Zapier, ENS Domains, AsyncAPI, PostHog, and Postman. Early analyses point to 492 compromised packages with a combined download count near 132 million per month, and tens of thousands of public GitHub repos seeded with stolen secrets.
In this blog, we will answer the key questions: what happened in this incident, how the Shai Hulud malware works, which projects are affected, what data may be exposed, why this second wave is happening now, and what security teams should do next.
What Happened in the Latest Shai Hulud npm Attack?
On November 24, 2025, researchers detected a new campaign linked to the Shai Hulud npm worm. Within hours, multiple npm packages began showing the same malware indicators, pointing to a coordinated supply chain attack.
Key facts so far:
Second wave: This is a follow-up to the Shai Hulud campaign first observed in mid-September 2025, which also targeted npm packages and stole developer secrets.
Scale: Public reports now place the number of compromised packages near 500, and later analyses suggest the total may continue to rise as additional compromised packages are identified.
Impact on repositories: The malware leaks secrets to randomly named public GitHub repositories tagged with the description “Sha1-Hulud: The Second Coming”. According to reports, more than 26,000 such repos are exposed at the time of writing.
Exposed GitHub repositories (Aikido)
In short, this is not just a one-off package compromise; it is a worm that attempts to spread across npm and into any developers or CI/CD systems that install the tainted packages.
Which Organizations and npm Packages Were Compromised?
The attackers targeted organizations and libraries that sit deep in developer workflows and infrastructure automation. Reports involve compromises in packages maintained by Zapier, ENS Domains, AsyncAPI, PostHog, and Postman, along with a wide range of community-maintained and smaller ecosystem packages. These projects underpin tasks such as automation workflows, blockchain name resolution, API documentation and generation, telemetry collection, and CI/CD-integrated API operations.
Examples of high-risk packages mentioned include:
- @zapier/mcp-integration
- @zapier/ai-actions, @zapier/ai-actions-react
- zapier-platform-core, zapier-platform-cli, zapier-platform-schema, zapier-sdk
- posthog-js, posthog-node, posthog-react-native
- @posthog/nextjs, @posthog/cli, @posthog/plugin-server, @posthog/core
- @asyncapi/cli, @asyncapi/generator, @asyncapi/parser
- @asyncapi/react-component, @asyncapi/studio
- @postman/secret-scanner-wasm
- @postman/pm-bin-linux-x64, @postman/pm-bin-macos-x64, @postman/pm-bin-windows-x64
- @postman/postman-mcp-cli, @postman/postman-mcp-server
- @ensdomains/ensjs, @ensdomains/ens-contracts, @ensdomains/react-ens-address
- @ensdomains/ui, @ensdomains/server-analytics, and others
Because many of these packages are transitive dependencies, organizations might be affected even if they never directly installed these libraries by name. A more extensive list of affected packages can be found on Aikido.
How Does Shai Hulud Spread?
The second-wave Shai Hulud variant is designed as a self-propagating npm worm with several notable technical steps.
Shai Hulud malware execution flow
- Malicious install script
  - Compromised packages include a script (often a postinstall hook) that writes a file called setup_bun.js.
  - During installation, this script runs automatically on developer machines or CI agents.
- Abuse of the Bun runtime
  - setup_bun.js tries to locate the Bun JavaScript runtime.
  - If Bun is missing, it attempts to download and install it using the official installers.
  - It then looks for a secondary file, bun_environment.js, which contains the main Shai Hulud payload, and executes it.
- Data theft and secret harvesting
  - The worm uses tools like TruffleHog to scan local directories, repositories, environment variables, and configuration files for credentials.
- Public exfiltration via GitHub
  - Gathered secrets are uploaded to randomly named GitHub repositories created under attacker-controlled accounts.
  - Each repo carries the distinctive description “Sha1-Hulud: The Second Coming”.
- Self-replication through npm
  - The worm attempts to authenticate to npm using the credentials it discovered.
  - If successful, it injects the staging code into additional packages and publishes malware-laced versions.
- Destructive behavior on failure
  - If the malware cannot authenticate to GitHub or npm, it may trigger a data-destruction routine that wipes files in the user’s home directory.
Researchers have also noted “partial infections” where only the staging script exists without the main payload. These still present serious risk and should be considered compromises.
What Data Has Been Exposed, and How Serious Is the Impact?
This attack is designed specifically to steal secrets. Observed categories include:
- Cloud credentials (AWS, Azure, GCP)
- GitHub and npm access tokens
- CI/CD secrets (GitHub Actions, GitLab CI, CircleCI, etc.)
- API keys for various SaaS platforms
Exposure mechanism: Collected secrets are uploaded to public GitHub repositories. Because these repositories can be created under attacker-owned accounts and use random names, they may not be visible through traditional monitoring.
Estimated scale: Current analyses estimate that 26,000+ public GitHub repositories have been seeded with stolen credentials.
The severity goes beyond initial data theft. If attackers obtain valid secrets, they can access cloud infrastructure, exfiltrate or alter private source code, publish malicious packages from trusted accounts, and move laterally inside CI/CD pipelines.
Since stolen secrets may have already been indexed or scraped by third parties, immediate credential rotation is critical.
Why is This Second Wave Happening Now?
The new Shai Hulud supply chain attack campaign aligns closely with npm’s plan to revoke old “classic tokens” on December 9, 2025. Many maintainers had not yet migrated to secure publishing mechanisms, leaving long-lived tokens vulnerable.
The timing suggests that the attackers are racing to exploit any remaining weak publication workflows before npm enforces stricter controls.
What Should You Do to Defend Against Shai Hulud?
Even if you don’t directly depend on Zapier, ENS, or AsyncAPI, you may still be exposed through transitive dependencies.
Recommended actions include the following.
Audit all dependencies:
- Generate SBOMs or dependency trees.
- Check for versions of compromised packages.
Pin and roll back affected versions:
- Identify which versions are flagged as malicious.
- Downgrade or temporarily remove affected packages.
Rotate all potentially exposed secrets:
- Treat credentials used on any machine or CI agent that installed affected packages as compromised.
Hunt for indicators of compromise:
- Search GitHub orgs for repos with the description “Sha1-Hulud: The Second Coming”.
- Look for unexpected Bun installations or suspicious postinstall scripts.
Harden CI/CD and publishing workflows:
- Disable or restrict npm postinstall scripts in CI.
- Enforce MFA for npm and GitHub accounts.
- Replace long-lived tokens with short-lived or scoped credentials.
With the scope of this second wave still unfolding, quick auditing, secret rotation, and dependency review are essential to reducing exposure and preventing attackers from gaining deeper access to development and production environments.
Strengthen Supply-Chain Defense with SOCRadar XTI
As supply-chain threats accelerate, response speed and ecosystem visibility become just as important as patching. Security teams need early insight into leaked credentials, third-party exposure, and emerging indicators tied to campaigns like Shai Hulud. SOCRadar’s Extended Threat Intelligence (XTI) platform supports these needs by providing real-time alerts, enriched intelligence on npm and GitHub-related activity, and continuous monitoring of third-party risk through its Supply Chain Intelligence module.
SOCRadar Supply Chain Intelligence, Third-Party Companies
With automated correlation of IOCs, credential-leak detection, and vendor-risk scoring, plus seamless integrations with SIEM and SOAR platforms, SOCRadar helps organizations strengthen visibility, reduce time-to-response, and get ahead of evolving supply-chain compromises.