Real supply-chain attacks
Attacks PkgRadar could have prevented.
Every credible supply-chain attack of the last seven years has a static fingerprint we hunt for at release time: a new lifecycle script, a new remote payload host, a publisher burst, an obfuscation jump, a credential-path read. Below is the rolling list of named attacks across npm, PyPI, GitHub Actions, and CDN-served scripts — and how a PkgRadar gate would have stopped them at PR-merge time.
Crypto-adjacent npm publishers
Shai-Hulud & Mini-Shai-Hulud (2024 — present)
A self-propagating worm that compromises npm publisher tokens, injects a credential-harvesting payload into one of the publisher's packages, and uses the harvested tokens to walk to the next maintainer.
Indicators on the malicious release
- Sudden install-time fetch from a remote attacker-controlled host added in a new version
- Postinstall lifecycle script that reads npm tokens, GitHub credentials, and cloud config files
- Publisher burst — multiple unrelated packages publishing within minutes of one another
How PkgRadar catches it
Campaign-hunter correlates publisher bursts and shared remote-payload hosts; static analysis flags credential-path reads in lifecycle scripts. A consumer's CI gate with fail_on=high would have blocked any subsequent install of the compromised version.
GitHub Actions consumers
tj-actions/changed-files (2025)
A widely used GitHub Action was overwritten by a compromised maintainer token. The action printed runner secrets to logs in a base64-encoded form for harvesting.
Indicators on the malicious release
- Tag mutation: previously stable v35 tag pointing at a malicious commit
- New base64-encoded payload referencing GitHub Actions environment variables
- Outbound network call from a previously offline action
How PkgRadar catches it
Static evidence on the rewritten release shows the new base64 obfuscation and env-variable harvesting in scripts. While GitHub Actions is not npm, the same indicators apply when these dependencies enter Node tooling.
Front-end + Node consumers (10M+ weekly downloads)
ua-parser-js (October 2021)
After the maintainer's npm account was hijacked, three malicious versions were published that ran a postinstall script downloading a crypto-miner and a credential-stealer.
Indicators on the malicious release
- New postinstall script in package.json that wasn't in the prior version
- Remote tarball fetch from a recently-registered IP
- Binary download + shell execution at install time
How PkgRadar catches it
PkgRadar's version-diff finding fires on the added postinstall script. The remote-payload follower flags the suspicious download URL. fail_on=high blocks the install during PR validation.
Bitcoin wallet developers (8M weekly downloads)
event-stream / flatmap-stream (November 2018)
Original maintainer handed off the package to a new contributor who added a dependency on [email protected]. That dependency contained an obfuscated payload targeting Copay wallet developers.
Indicators on the malicious release
- New runtime dependency on a fresh, low-download package (flatmap-stream)
- Heavily obfuscated code (base64 + AES + encoded strings) shipped in the dependency
- Targeted payload that only activates in specific runtime contexts
How PkgRadar catches it
PkgRadar's manifest-diff detects the new dependency. The obfuscated-code finding on flatmap-stream itself is high signal. Campaign-hunter would correlate the new package, low download count, and obfuscation pattern.
Everything depending on either package (~28M weekly downloads combined)
colors.js & faker.js sabotage (January 2022)
The maintainer intentionally pushed an infinite-loop release of colors.js and emptied faker.js, breaking thousands of CI pipelines worldwide.
Indicators on the malicious release
- Drastic version-diff: most code deleted or replaced with a loop
- Removal of legitimate functionality
- Author commentary in commit messages or README
How PkgRadar catches it
PkgRadar treats large diffs and removed functionality as review signals. A gate set to fail_on=review would have flagged the sabotage release before it hit production CI.
Front-end developers using ESLint (~3.5M weekly downloads)
eslint-scope 3.7.2 (July 2018)
An attacker phished an npm maintainer's credentials and published a patch version that scraped the user's .npmrc for tokens and exfiltrated them.
Indicators on the malicious release
- Read of ~/.npmrc and similar credential paths from package code
- Outbound network exfiltration in a previously offline package
- Patch-version release published outside the maintainer's typical cadence
How PkgRadar catches it
The credential-paths finding fires on the .npmrc read. Outbound network calls in a tooling package are review signals. Publisher-burst detection flags the off-cadence release.
Sites embedding the CDN-served polyfill.js
polyfill.io takeover (June 2024)
After the domain changed ownership, the script started serving a payload that redirected mobile users to scam pages. While not strictly an npm attack, it demonstrates the supply-chain risk of remote payload references in package configurations and build steps.
Indicators on the malicious release
- Remote payload reference in package manifest pointing at a third-party domain
- Conditional payload (mobile UA only) that wouldn't trip simple curl probes
- Domain ownership change without a code change
How PkgRadar catches it
Remote-payload follower fetches the referenced JS statically. The manifest-remote-dependency cluster surfaces packages referencing the same upstream — useful for fast cohort response.
Sites using the popular Lottie animation player
@lottiefiles/lottie-player (October 2024)
A compromised maintainer token was used to publish malicious v2.0.5 / v2.0.6 / v2.0.7 releases that injected a fake crypto-wallet popup to harvest seed phrases.
Indicators on the malicious release
- Patch versions published in rapid succession outside the normal cadence
- New code paths interacting with window / DOM in unexpected ways
- Obfuscated payload conditional on user interaction
How PkgRadar catches it
Publisher-burst clusters fire on the rapid release cadence. Static diff against v2.0.4 surfaces the new wallet-popup code path. fail_on=high blocks all three versions.
Solana ecosystem developers (350K weekly downloads)
@solana/web3.js (December 2024)
Compromised maintainer pushed v1.95.6 and v1.95.7 that exfiltrated private keys to an attacker-controlled wallet.
Indicators on the malicious release
- New code path serialising private keys outside the documented signing flow
- Outbound HTTP POST in versions that previously had no network footprint
- Suspicious string handling around Keypair / fromSecretKey
How PkgRadar catches it
Diff findings on the added serialisation path. Network-POST static finding in a previously-offline build. The CI gate blocks v1.95.6+ before it merges.
SSH servers on Linux distributions
xz-utils backdoor (March 2024)
A maliciously crafted commit by a long-running maintainer introduced a backdoor into liblzma that targeted SSH. While not npm, the technique — a patient maintainer compromise — is exactly the threat model PkgRadar is built for in the npm ecosystem.
Indicators on the malicious release
- Build-time test fixture used to smuggle binary payload bytes
- Conditional payload activation tied to specific build configurations
- Long-tail maintainer infiltration over months
How PkgRadar catches it
Static evidence on build-time scripts and test fixtures is a core scanner output. Publisher-posture features track new committer activity. The equivalent npm scenario would surface in the static evidence stream.