Shai-Hulud 'The Second Coming' (November 2025)
TL;DR
On 2025-11-24, attackers launched the second Shai-Hulud wave: 492 npm packages (132M monthly downloads) trojanized, including packages from Zapier, ENS Domains, PostHog, and Postman. The worm scanned for secrets with TruffleHog, dumped them to public GitHub repos, then re-published itself into every package its compromised maintainers owned. 25,000+ malicious GitHub repos appeared in days.
What happened
A more aggressive, more automated version of the original Shai-Hulud worm. Key differences vs. the September 2025 wave:
- Uses bun. Drops
setup_bun.jsto install Bun, then runsbun_environment.js(the real payload). Faster, harder to scan with classic Node tooling. - Uses TruffleHog. Runs the open-source secret scanner on the host filesystem to maximize credential haul.
- Targets enterprise. Packages from Zapier, ENS, PostHog, Postman caught in the wave — broad supply-chain exposure across SaaS toolchains.
- Timing. Aligned with npm's deadline to revoke classic tokens (2025-12-09). Attackers raced to exploit unmigrated maintainer accounts.
The worm published 25,000+ public GitHub repositories across ~350 unique users, each containing exfiltrated secrets in base64-encoded JSON files.
Am I affected?
# If you installed ANY of these in late Nov / early Dec 2025
npm ls --all 2>/dev/null | grep -iE '(zapier|ens|posthog|postman)'
# Generic: search for the worm's GitHub repo signature
gh search repos "shai-hulud" --limit 50
gh search repos "Shai-Hulud" --owner YOUR_USER # check your own org didn't get a planted repo
# Check for the worm's bun-based execution traces
find ~/.npm -name "setup_bun.js" -o -name "bun_environment.js" 2>/dev/null
If you find traces or installed an affected package during the window, treat all credentials on the machine as compromised.
If you are affected
→ playbooks/if-you-installed-a-bad-npm-package.md → playbooks/if-your-github-pat-leaked.md → playbooks/if-your-npm-token-leaked.md → playbooks/rotating-cloud-credentials.md
Prevention
→ prevention/npm-hardening.md — --ignore-scripts, lockfile audits
→ prevention/credential-hygiene.md — don't keep long-lived tokens on disk
Timeline
- 2025-11-24 — second wave detected, takedowns begin
- 2025-12-09 — npm classic token revocation deadline (the reason attackers raced)
- 2026-05-16 — most packages cleaned, but old lockfiles still vulnerable
Sources
- Microsoft Security Blog — Shai-Hulud 2.0: Guidance for detecting, investigating, and defending
- Wiz — Sha1-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposed
- Aikido — Shai Hulud 2.0 Strikes Again: Zapier & ENS Domains
- Palo Alto Unit 42 — Shai-Hulud Worm Compromises npm Ecosystem (Updated Nov 26)
- Socradar — Shai Hulud's "The Second Coming"
- Netskope — Shai-Hulud 2.0: Aggressive, Automated, and Fast Spreading