Talk

From AiTM Phishing to Self-Replicating Worms: Inside the 2025 npm Attacks

March 20, 16:00 (GARDEN)

The npm package registry hosts over 3 million packages. Every month, developers download over 400 million of them to build their applications on their machines, in CI, or in production environments. This has always made npm a valuable target for attackers, as compromising a single popular package can lead to a large number of infections. Malicious packages in npm are not new. In fact, the first malicious package was identified back in 2017.

In 2025, though, attackers escalated their assault on npm. For the first time, multiple phishing campaigns struck maintainers of popular npm packages, using adversary-in-the-middle (AiTM) techniques to bypass MFA and infect several highly popular packages. Weeks later, researchers discovered “Shai-Hulud”, the first npm worm that could self-replicate by stealing npm credentials from infected machines and backdooring packages the victim maintained. In November, a second version of this worm ripped through the ecosystem, compromising over 700 packages with a combined 20 million weekly downloads.

In this talk, we’ll start with some history: did you know that the first proof of concept for an npm worm was built 10 years ago? Then, we’ll analyze the most impactful campaigns that targeted npm maintainers in recent months, provide actionable advice for defenders, and share OSINT techniques for investigating and reporting on large-scale supply chain attacks.

Speaker

Christophe Tafani-Dereeper

Christophe lives in Switzerland and works on cloud security research and open source at Datadog. He previously worked as a software developer, penetration tester and cloud security engineer. Christophe is the maintainer of several open-source projects such as Stratus Red Team, Adaz, and the Managed Kubernetes Auditing Toolkit (MKAT). He has spoken at events like DEF CON and KubeCon in the past.
