From typos to takeovers: Inside the industrialization of npm supply chain attacks

From typo traps to legitimate backdoors: For years, typosquatting defined the npm threat model. Attackers published packages with names just close enough to popular libraries, such as “lodsash,” “expres,” “reacts,” and waited for automation or human error to do the rest. The impact was usually limited, and remediation straightforward.

That model began to break in 2025. Instead of impersonating popular packages, attackers increasingly compromised real ones. Phishing campaigns spoofing npm itself harvested maintainer credentials. Stolen tokens were then used to publish trojanized updates that appeared legitimate to every downstream consumer. The Shai-Hulud campaign illustrated the scale of the problem, affecting tens of thousands of repositories and leveraging compromised credentials to self-propagate across the ecosystem.

“The npm ecosystem has become the crown jewels of modern development,” said Kush Pandya, a cybersecurity researcher at Socket.dev. “When a single prolific maintainer is compromised, the blast radius spans hundreds of downstream projects.”

The result was a quiet but powerful shift: attackers no longer needed to create convincing fakes. They could ship malware through trusted channels, signed and versioned like any routine update.

Developer environments over developer laptops: Modern npm attacks increasingly activate inside CI/CD environments rather than on developer laptops. Post-install scripts, long treated as benign setup helpers, became an execution vector capable of running automatically inside GitHub Actions or GitLab CI. Once inside a runner, malicious packages could read environment variables, steal publish tokens, tamper with build artifacts, or even push additional malicious releases under the victim’s identity.

“Developer environments and CI runners are now worth more than end-user machines,” Pandya noted. “They usually have broader permissions, access to secrets, and the ability to push code into production.”

Several campaigns observed in mid-2025 were explicitly CI-aware, triggering only when they detected automated build environments. Some included delayed execution or self-expiring payloads, minimizing forensic visibility while maximizing credential theft.

For enterprises, this represents a fundamental risk shift. CI systems often operate with higher privileges than any individual user, yet are monitored far less rigorously. “They are often secured with weaker defaults: long-lived publish tokens, overly permissive CI secrets, implicit trust in lifecycle scripts and package metadata, and little isolation between builds,” Pandya noted.

According to IDC Research, organizations allocate only about 14% of AppSec budgets to supply-chain security, with only 12% of them identifying CI/CD pipeline security as a top risk.

Evasion as a first-class feature: As defenders improved at spotting suspicious packages, attackers adapted too.

Recent npm campaigns have used invisible Unicode characters to obscure dependencies, multi-stage loaders that fetch real payloads only after environment checks, and blockchain-hosted command-and-control (C2) references designed to evade takedowns. Others deployed worm-like behavior, using stolen credentials to publish additional malicious packages at scale.

Manual review has become largely ineffective against this level of tradecraft. “The days when you could skim index.js and spot a malicious eval() are gone,” Pandya said. “Modern packages hide malicious logic behind layers of encoding, delayed execution, and environment fingerprinting.”

Norton echoed the concern, noting that these attacks operate at a behavioral level where static scanning falls short. “Obfuscation techniques make malicious logic difficult to distinguish from legitimate complexity in large JavaScript projects,” she said. “CI-aware payloads and post-install scripts introduce behavior that only manifests under specific environmental conditions.”
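
As an added example (not code from the article, Socket, or npm), the Node.js sketch below triages a package manifest for three metadata signals the article names: install-time lifecycle scripts, invisible Unicode in dependency entries, and names one or two edits away from a popular package. The `POPULAR` list, the `SAMPLE` manifest, and the function names are assumptions constructed for illustration.

```javascript
// Added example: manifest triage for three signals the article names.
// POPULAR and SAMPLE are constructed for illustration.
const POPULAR = ["lodash", "express", "react"];
const HOOKS = ["preinstall", "install", "postinstall"]; // run automatically by npm install
// Soft hyphen, zero-width and bidi-control code points that render as nothing.
const INVISIBLE = /[\u00AD\u200B-\u200F\u202A-\u202E\u2060-\u2064\uFEFF]/;

// Make hidden characters visible in reports by escaping anything outside printable ASCII.
const visible = (s) =>
  s.replace(/[^\x20-\x7E]/g, (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));

// Levenshtein edit distance using a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = up;
    }
  }
  return row[b.length];
}

function auditManifest(manifest) {
  const findings = [];
  for (const hook of HOOKS) {
    const cmd = manifest.scripts && manifest.scripts[hook];
    if (cmd) findings.push({ type: "lifecycle-script", detail: `${hook}: ${cmd}` });
  }
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  for (const [name, spec] of Object.entries(deps)) {
    if (INVISIBLE.test(name) || INVISIBLE.test(String(spec))) {
      findings.push({ type: "invisible-unicode", detail: visible(`${name}@${spec}`) });
    } else if (!POPULAR.includes(name)) {
      const near = POPULAR.find((p) => editDistance(p, name) <= 2);
      if (near) findings.push({ type: "near-miss-name", detail: `${name} ~ ${near}` });
    }
  }
  return findings;
}

const SAMPLE = { // constructed manifest
  scripts: { test: "node test.js", postinstall: "node setup.js" },
  dependencies: { express: "^4.18.0", lodsash: "^1.0.0", "lod\u200Bash": "^4.17.21" },
};
console.log(auditManifest(SAMPLE));
```

These findings are review prompts, not verdicts: a legitimate package can sit within two edits of a popular name, and this check reads manifest metadata only, so it says nothing about payloads that activate after environment checks.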

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4117139/from-typos-to-takeovers-inside-the-industrialization-of-npm-supply-chain-attacks.html
