1. Does not default to running post-install scripts (must manually approve each)

2. Let's you set a min age for new releases before `pnpm install` will pull them in - e.g. 4 days - so publishers have time to cleanup.

NPM is too insecure for production CLI usage.

And of course make a very limited scope publisher key, bind it to specific packages (e.g. workflow A can only publish pkg A), and IP bound it to your self hosted CI/CD runners. No one should have publish keys on their local, and even if they got the publish keys, they couldn't publish from local. (Granted, GHA fans can use OIDC Trusted Publishers as well, but tokens done well are just as secure)

I'd argue automated dependency updates pose a greater risk than one-day exploits, though I don't have data to back that up. That's harder to undo a compromised package already in thousands of lock files, than to manually patch a already exploited vulnerability in your dependencies.

[0] https://blog.yossarian.net/2025/11/21/We-should-all-be-using...

- posthog-node 4.18.1, 5.13.3 and 5.11.3

- posthog-js 1.297.3

- posthog-react-native 4.11.1

- posthog-docusaurus 2.0.6

We've rotated keys and passwords, unpublished all affected packages and have pushed new versions, so make sure you're on the latest version of our SDKs.

We're still figuring out how this key got compromised, and we'll follow up with a post-mortem. We'll update status.posthog.com with more updates as well.

A short time ago, I started a frontend in Astro for a SaaS startup I'm building with a friend. Astro is beautiful. But it's build on Node. And every time I update the versions of my dependencies I feel terrified I am bringing something into my server I don't know about.

I just keep reading more and more stories about dangerous npm packages, and get this sense that npm has absolutely no safety at all.

I know its not foolproof, but I can't believe how often people run code they haven't read where it can make a huge mess, steal secrets, etc. I'll probably get owned someday, I'm sure, but this feels like a bare minimum.

Currently reverse engineering the malicious payload and will share our findings within the next few hours.

https://about.gitlab.com/blog/gitlab-discovers-widespread-np...

The website is a mess (broken links, broken UI elements, no about section)

There is no history on webarchive. There is no information outside of this website and their "customers" are crypto exchanges and some japanese payment provider.

This seems a bit fishy to me - or am I too paranoid?

Why in particular this community still insists on preemptively updating all deps always, on running complicated extra hooks together with package installation and pretending this all is good engineering practices? ("Look, we have so plenty of things and are so busy, thus it must be good")

Why certain kind of mindset is typical to this community?

Why the Node creator abandoned his creation years ago?

Why, oh why?

Hey PostHog! What version do we need to avoid?

AsyncAPI is used as the example in the post. It says the Github repo was not affected, but NPM was.

What I don't understand from the article is how this happened. Were the credentials for each project leaked? Given the wide range of packages, was it a hack on npm? Or...?

Discussion on HN last time: https://news.ycombinator.com/item?id=45326754

  ignore-scripts=true

https://blog.uxtly.com/getting-rid-of-npm-scripts

Infact, do this for all risky tools[2]

1 - https://github.com/ashishb/dotfiles/blob/067de6f90c72f0cf849...

2 - https://ashishb.net/programming/run-tools-inside-docker/

The e18e community are reducing dependencies in popular libraries and building tools to prevent and reduce the impact of such attacks. Join if you want to help out! https://e18e.dev/

Just this morning, after trying to make the case over the past year, we had a change landed to remove more than a dozen dependencies from typescript-eslint! https://bsky.app/profile/benmccann.com/post/3m6fcjax7ec2h

It's much easier to demonstrate a problem (twice!) than to convince a herd that there is a problem.

I hope that other languages with similar package manager (looking at you, cargo) take note.

The solutions that are effective also involve actually doing work, as developers, library authors, and package managers. But no, we want as much "convenience" as possible, so the issues continue.

Developers and package authors should use a lockfile, pin their dependencies, be frugal about adding dependencies, and put any dependencies they do add through a basic inspection at least, checking what dependencies they also use, their code and tests quality, etc.

Package managers should enforce namespacing for ALL packages, should improve their publishing security, and should probably have an opt-in verified program for the most important packages.

Doing these will go a long way to ameliorate these supply chain attacks.

[1] https://verdaccio.org/

12 years ago NPM went down due to a very issue and getting stuff working again wasn't easy.

Someone got on GitHub and said something along the lines of "Get it together or get forked. "

I asked my manager if this was real or just a random guy talking. My manager, correctly said, it's just talk.

But it's different now. NPM is owned by Microsoft. One of the world's biggest companies should be able to sort things out.

Ohh well. Can't fix it.

I think hijacked NPM packages are just the tip of the ice berg.

com.foo.bar

That would require domain verification, but it would add significant developer friction.

Also mandatory Dune reference:

"Bless the maker and his water"

I guess it's not going to happen...

https://gist.github.com/considine/2098a0426b212f27feb6fb3b4d...

It checks yarn.lock for any of the above. Maybe needs a tweak or two but you should be able to run from a directory with yarn.lock

([0-9a-z]{18})

Also package manager should not run scripts.

It’s basically a lightweight CLI tool you can run directly inside any local project:

    npx sha1-hulud-scanner

It’s not meant to be a full security product — just a simple “first-pass” detector that helps catch unexpected checksum strings or injected artifacts before they slip into CI. Feedback and contributions are welcome!

So github has some tools available to mitigate some of the problems tied to it. Probably not perfect for all use cases. But considering the current scale, it doesn't seem to have any effect, as enough publishers seem not to care.

I think npm should force higher standards on popular packages.

I would love to see the equivalent of a linux distro, a curated set of packages and package versions that are known to be compatible and safe. If someone offered this as a paid product businesses would pay for it.

If I want more stability for my OS I can choose Debian-stable rather than Ubuntu-nightly.

But for npm, there doesn't seem to be the same choice available. Either I sign up to the fire-hose or I don't.

I can choose to only upgrade once a month, but there's a chance I'm still getting a package that dropped 5 minutes before.

That's a wake up call to harden your operations. NPM Tokens, AWS/GCP/Azure credentials have no reason to be available in environments where packages may be installed. The same goes for sensitive environment variables.

Like previous variant, it has credential harvesting, self-replication and GitHub public repository based exfiltration.

Double base64 encoded credentials being exposed using GitHub repositories: https://github.com/search?q=%22Sha1-Hulud%3A%20The%20Second%...

Going forward, use WASM if you really want to make an SPA (and think about that choice), where the source language is not something that ties into the JS dependency ecosystem. Ban it and burn it with fire for anything on the backend, for christ.

Would be good to see projects (like those recently effected) nudging devs to do this via install instructions.

We really don't need more package managers other than the ones provided by your operating system, but I dunno maybe its just me.

- A new version of this dependency is published

- A CI somewhere of another NPM package uses this new version dependency in a build, which trigger propagation by creating a new modified version of this dependency?

- And so on...

Am I getting this right?

https://github.com/jrz/container-shell

Implementing everything yourself probably won't cut it.

Copying a dependency into your code base and maintaining it yourself probably won't yield much better results.

However, if a dependency would be part of the version control, depends could at least do a code review before installing an update.

That wouldn't help with new dependencies, that come in with issues right from.the start, but it could help preventing new malware from slipping in later.

A setup like that could benefit from a crowd-sourced review process, similar to Wikipedia.

I think, Nimble, the package manager of Nim, uses a decentralised registry approach based on Git repos. Something like that could be a good start.

typo after the listed affected packages

My ultra hot take: there are only¹ two² programming ecosystems suitable for serious³ work:

  - .net (either run on CLR or compile as an AOT standalone binary)
  - jvm

  __
  1. I don't want other programming languages to die, so I am happy if you disagree with me. Other valid objection: some problems are better served by niche languages. Still, both .net and java support a plethora of niche languages.
  2. Shades of gr[e|a]y, some languages are more complete out of the box than others. 
  3. cf «pick boring tools»

The ones that got my attentions are the @ensdomains/*, that are the legit packages and are probably in every Ethereum/EVM/blockchain related apps for the resolution of decentralized domain names.

A quick search shows those Ledger hardware wallet use those libs too [0]

So I guess they weren't just after API keys.

- [0] https://github.com/search?q=org%3ALedgerHQ%20%40ensdomain&ty...

That seems a bit silly. Even on the beefy boi I used to work on a 10MB hiccup in deployable size would have been sufficient to make me look.

I released one of the packages I work on last night so of course this drew my eye. I assume checking the unpacked size hasn’t gotten ridiculous confirms that your code is not infected yeah? And looks like it’s past time for me to set up a separate account for release management.

At some point, someone has to pay for an organisation whose job will be to review the contents of all of these modules.

Maybe one could split the ecosystem into "validated" and "non validated" stacks ? much like we have stable and dev branches ?

The people validating would of course give their own identity to build trust. And so, companies (moral person) should do that.

Really looking forward to a deeper post-mortem on this.

[0] https://news.ycombinator.com/item?id=46031864

As it arguably would have reduced impact

(I'm one of the Renovate maintainers and have recently pushed for this to be more of a widely used feature)

SHA1-Hulud the Second Comming – Postman, Zapier, PostHog All Compromised via NPM

https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting...

https://github.blog/security/supply-chain-security/our-plan-...

I'm guessing no one yet wants to spend the money it takes for centralized, trusted testing where the test harnesses employ sandboxing and default-deny installs, Deterministic Simulated Testing (DST), or other techniques. And the sheer scale of NPM package modifications per week makes human in the loop-based defense daunting, to the point that only a small "gold standard" subset of packages that has a more reasonable volume of changes might be the only palatable alternative.

What are the thoughts of those deep inside the intersection of NPM and cybersecurity?

instead we've got this absolute mess of bloated, over-engineered junk code and ridiculously complicated module systems.

shinhan is a large korean bank and this admin area geo json util seems to be embedded in many korean gov services.

shinhan-limit-scrap

korea-administrative-area-geo-json-util

The number and range of affected devices may be reduced with any number of package manager level workarounds, but NOT the impact of attacks once any succeeds. For this, you NEED the above.

All libraries should strive to have dependency only on it.