TL;DR

On 2025-11-24, attackers launched the second Shai-Hulud wave: 492 npm packages (132M monthly downloads) trojanized, including packages from Zapier, ENS Domains, PostHog, and Postman. The worm scanned for secrets with TruffleHog, dumped them to public GitHub repos, then re-published itself into every package its compromised maintainers owned. 25,000+ malicious GitHub repos appeared in days.

What happened

A more aggressive, more automated version of the original Shai-Hulud worm. Key differences vs. the September 2025 wave:

  • Uses bun. Drops setup_bun.js to install Bun, then runs bun_environment.js (the real payload). Faster, harder to scan with classic Node tooling.
  • Uses TruffleHog. Runs the open-source secret scanner on the host filesystem to maximize credential haul.
  • Targets enterprise. Packages from Zapier, ENS, PostHog, Postman caught in the wave — broad supply-chain exposure across SaaS toolchains.
  • Timing. Aligned with npm's deadline to revoke classic tokens (2025-12-09). Attackers raced to exploit unmigrated maintainer accounts.

The worm published 25,000+ public GitHub repositories across ~350 unique users, each containing exfiltrated secrets in base64-encoded JSON files.

Am I affected?

# If you installed ANY of these in late Nov / early Dec 2025
npm ls --all 2>/dev/null | grep -iE '(zapier|ens|posthog|postman)'

# Generic: search for the worm's GitHub repo signature
gh search repos "shai-hulud" --limit 50
gh search repos "Shai-Hulud" --owner YOUR_USER  # check your own org didn't get a planted repo
# Check for the worm's bun-based execution traces
find ~/.npm -name "setup_bun.js" -o -name "bun_environment.js" 2>/dev/null

If you find traces or installed an affected package during the window, treat all credentials on the machine as compromised.

If you are affected

playbooks/if-you-installed-a-bad-npm-package.mdplaybooks/if-your-github-pat-leaked.mdplaybooks/if-your-npm-token-leaked.mdplaybooks/rotating-cloud-credentials.md

Prevention

prevention/npm-hardening.md--ignore-scripts, lockfile audits → prevention/credential-hygiene.md — don't keep long-lived tokens on disk

Timeline

  • 2025-11-24 — second wave detected, takedowns begin
  • 2025-12-09 — npm classic token revocation deadline (the reason attackers raced)
  • 2026-05-16 — most packages cleaned, but old lockfiles still vulnerable

Sources