Supply chain attacks against npm packages
Lately, there have been multiple supply chain attacks targeting the npm ecosystem. I know that these types of attacks have happened in the past, but when two occur within a fairly short period of time, you have to start thinking about the viability of this way of handling dependencies.
The first attack (I don’t know if it ever got a name) came at the beginning of September 2025, when Kevin Beaumont posted on Mastodon about a supply chain attack currently in the wild. The infected packages had weekly download numbers in the billions. One affected package, color-name, alone had close to 200 million downloads a week. At least 18 packages were infected with a cryptocurrency wallet drainer. npm worked hard and was able to remove the infected packages.
Less than two weeks later, Shai Hulud — a worm trying to spread itself to other packages — was found in the wild. Essentially, when an infected package is installed (as a direct or indirect dependency) using npm install, the worm is executed. It scans the computer for secrets using a tool called TruffleHog — then creates a new public repository where these details are submitted (search for Shai-Hulud on GitHub). After this, it goes on to infect other repositories the person (or CI/CD process) has access to, and publishes these to npm.
Essentially, just running npm install in a project with an affected indirect dependency could be enough to get hacked.
In the first case, it is not clear to me how the malicious code got into the packages in the first place. But it didn’t seem to spread by itself. Shai Hulud, on the other hand, could use tokens and secrets on the maintainer’s machine to act in his or her name. I cannot understand how the worm was able to create repositories and push code without the developer interacting. Are they using SSH keys without passwords?
This highlights a pretty big problem with the npm repository. By infecting common utility libraries, the spread can be far and wide. A huge part of the internet runs on software from these repositories, and the effect can be enormous if an attack is not found and mitigated quickly. I’m thinking it should be possible to sign packages to make sure they are not tampered with — but it would require a human step to actually sign off on the package.
I am mainly writing about the problems affecting npm in this article, but other packaging systems like mvn and NuGet are also at risk of supply chain attacks in different ways — even though there are some steps in place to protect users.
That’s it. I mainly wanted to highlight the issue. I offer no ideas on how to fix these problems. Sometimes it’s helpful to write as you think — this was one of those times.