If you ran a malicious npm postinstall script
Scope:
npm installran an attacker-controlledinstall/preinstall/postinstalllifecycle script orbinding.gypnode-gyp build step.
Do this first
- Disconnect from the internet (stops active exfiltration).
- Kill node processes:
pkill -f node. - Note the exact package name + version.
Assume full credential exposure
Postinstall scripts run as your user and can read all files in ~/ (.aws/credentials, .ssh/, .npmrc, .claude/, .cursor/, etc.) and all environment variables. Rotate immediately:
- Cloud IAM credentials → rotating-cloud-credentials.md
- GitHub PAT / SSH keys → if-your-github-pat-leaked.md
- npm token → if-your-npm-token-leaked.md
- LLM API keys (
OPENAI_API_KEY,ANTHROPIC_API_KEY, etc.)
Check for persistence
crontab -l 2>/dev/null
ls ~/Library/LaunchAgents/ 2>/dev/null # macOS
ls ~/.config/systemd/user/ 2>/dev/null # Linux
ls -lt ~/.bashrc ~/.zshrc ~/.profile 2>/dev/null
Check AI config for poisoning (TrapDoor class)
python3 -c "
import os
for f in ['.cursorrules','CLAUDE.md','.windsurfrules','AGENTS.md']:
if os.path.exists(f):
t = open(f).read()
bad = [hex(ord(c)) for c in t if 0x200b <= ord(c) <= 0x200f or ord(c) == 0xfeff]
if bad: print(f'{f}: SUSPICIOUS', bad)
"
References
- Snyk — NPM Security Best Practices After the Shai-Hulud Attack
- CISA — Defending Against Software Supply Chain Attacks
Prevention
→ prevention/npm-hardening.md → prevention/supply-chain-attack-surface.md