Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the Control (npub1xgx…xa3d)/tinycolor npm package, and has now expanded to CrowdStrike's npm namespace.
https://www.bleepingcomputer.com/news/security/self-propagating-supply-chain-attack-hits-187-npm-packages/
BleepingComputer
npub1pk…z6763
2025-09-16 16:47:02 UTC
Author Public Key
npub1pkrnqz97z2wckgmwglckccgg65eanvw3wpvuses7npqlvv6st06svz6763Seen on
wss://relay.momostr.pinkPublished at
2025-09-16 16:47:02 UTCEvent JSON
{
"id": "cc82b1e79d695193863fc13baa1741d089bb8e72e189a40671b660c648a6c28d",
"pubkey": "0d873008be129d8b236e47f16c6108d533d9b1d17059c8661e9841f633505bf5",
"created_at": 1758041222,
"kind": 1,
"tags": [
[
"p",
"320de5aa107b843f2cf39bce07cc051279a2b6fb6bc25949c9d78cb999b57c2b"
],
[
"proxy",
"https://infosec.exchange/@BleepingComputer/115214989569970744",
"web"
],
[
"proxy",
"https://infosec.exchange/users/BleepingComputer/statuses/115214989569970744",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/BleepingComputer/statuses/115214989569970744",
"pink.momostr"
],
[
"-"
]
],
"content": "Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the nostr:npub1xgx7t2ss0wzr7t8nn08q0nq9zfu69dhmd0p9jjwf67xtnxd40s4szmxa3d/tinycolor npm package, and has now expanded to CrowdStrike's npm namespace.\n\nhttps://www.bleepingcomputer.com/news/security/self-propagating-supply-chain-attack-hits-187-npm-packages/",
"sig": "8a3f884c6fcfd4dfca78bd36e9abd4c44901cc1dfc1c6d9606984df9d16eaf68aac87e6767deeeae359e10b1e39cc267c7bfe639c3d552116b3231e944dda750"
}