The NPM ecosystem is facing one of its largest
supply-chain compromises to date. In September 2025, CISA disclosed a
widespread campaign affecting hundreds of JavaScript packages. By late
November 2025, security researchers reported a second, more aggressive
wave, showing signs of automation, credential harvesting, and faster
propagation.
Although Shai-Hulud is primarily a code-level supply-chain attack,
it also exposes major weaknesses in how organizations handle external files,
an area where deterministic CDR provides essential protection.
What Changed in the September → November Escalation
The initial September disclosure revealed broad compromise across
the NPM registry.
The November wave (v2) introduced:
- more automated republishing of infected packages
- expanded credential theft (GitHub + CI/CD tokens)
- deeper insertion into build/publish workflows
- greater volume of tampered dependencies
Because this activity occurs inside trusted developer workflows,
downstream impact is extremely difficult to track.
Why Traditional Defenses Fall Short
Shai-Hulud does not rely on exploits. It hides inside normal
package scripts, which means:
- the code looks like regular JavaScript
- dependency auto-updates effortlessly spread infections
- AV/EDR rarely flag anything abnormal
Even though it's code-driven, the campaign still uses file-based
components, including:
- malicious ZIP/TAR assets inside packages
- scripts embedded in documentation bundles
- payloads dropped during installation
- data-exfiltration files
- lateral-movement tools disguised as assets
These arrive through email, uploads, ticket systems, cloud-share
links, and vendor channels, all vectors that detection-based tools often miss.
Where CDR Provides Real Protection
Deterministic Content Disarm & Reconstruction (CDR) prevents attackers
from weaponizing external files even if the software supply chain upstream
is compromised.
GateScanner CDR removes high-risk elements such as:
- active scripts
- macros
- embedded executables
- nested or hidden archives
- polyglot file tricks
- obfuscation layers
By rebuilding files from safe, known-good
components, CDR ensures external documentation, sample data, test files, vendor
materials, and archive bundles never contain embedded payloads used for
footholds or lateral movement.
A Dual Approach: Supply-Chain Hardening + File Sanitization
Strengthen the supply chain:
- Pin dependencies
- Enforce integrity/signature checks
- Maintain validated SBOMs
- Rotate secrets and tokens
- Monitor CI/CD execution
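
The first two items can be checked mechanically. The following is an added example, not code from the original article or from GateScanner: it reports dependencies declared with floating ranges, lockfile entries with no integrity hash, and packages that run install-time scripts, where a payload dropped during installation would execute. It assumes the npm lockfile v2/v3 `packages` layout; the function names and all sample data are constructed for illustration.

```javascript
// Audit a parsed package.json and package-lock.json (lockfile v2/v3 "packages" layout).
// Function names are hypothetical; all package names and hashes are constructed samples.
// With real files: JSON.parse(fs.readFileSync("package-lock.json", "utf8")).

// Exact versions such as "1.2.3" or "1.2.3-beta.1"; ranges and tags (^, ~, *, latest) float.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function unpinnedDependencies(manifest) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (!EXACT.test(spec)) findings.push(`${name}@${spec}`);
    }
  }
  return findings;
}

function auditLockfile(lock) {
  const missingIntegrity = [];
  const installScripts = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links and bundled dependencies.
    if (path === "" || entry.link || entry.inBundle) continue;
    if (!entry.integrity) missingIntegrity.push(path);
    // Lifecycle scripts run at install time, so each one deserves a manual review.
    if (entry.hasInstallScript) installScripts.push(path);
  }
  return { missingIntegrity, installScripts };
}

// Constructed sample input.
const sampleManifest = {
  dependencies: { "left-example": "^1.4.0", "pinned-example": "2.0.1" },
  devDependencies: { "build-example": "latest" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-example": { version: "1.4.2", integrity: "sha512-CONSTRUCTED", hasInstallScript: true },
    "node_modules/pinned-example": { version: "2.0.1", integrity: "sha512-CONSTRUCTED" },
    "node_modules/build-example": { version: "0.9.0" },
  },
};

console.log("unpinned:", unpinnedDependencies(sampleManifest));
console.log("lockfile:", auditLockfile(sampleLock));
```
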
Strengthen file exchange security (CDR):
- Sanitize every incoming file
- Remove macro/script-driven infection vectors
- Neutralize embedded payloads
- Ensure safe vendor/partner file submission flows
Conclusion
Shai-Hulud's 2025 waves prove that code-level attacks increasingly
intersect with file-borne vectors. Developers constantly receive files:
documents, datasets, archives, onboarding materials, vendor deliverables. A
single malicious file can bypass all software supply-chain controls and land
directly on a workstation.
CDR closes that gap, ensuring every incoming file is
safe-by-design, even when upstream ecosystems are compromised.