{"id":16156,"date":"2026-04-30T10:01:57","date_gmt":"2026-04-30T10:01:57","guid":{"rendered":"https:\/\/newestek.com\/?p=16156"},"modified":"2026-04-30T10:01:57","modified_gmt":"2026-04-30T10:01:57","slug":"sap-npm-package-attack-highlights-risks-in-developer-tools-and-ci-cd-pipelines","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=16156","title":{"rendered":"SAP npm package attack highlights risks in developer tools and CI\/CD pipelines"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software.<\/p>\n<p>The campaign, referred to as \u201cmini Shai-Hulud,\u201d affected packages used in SAP\u2019s JavaScript and cloud application development ecosystem.<\/p>\n<p>The malicious versions added installation-time code that could steal developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud credentials from AWS, Azure, GCP, and Kubernetes environments.<\/p>\n<p>Researchers at <a href=\"https:\/\/safedep.io\/mini-shai-hulud-and-sap-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">SafeDep<\/a>, <a href=\"https:\/\/www.aikido.dev\/blog\/mini-shai-hulud-has-appeared\" target=\"_blank\" rel=\"noreferrer noopener\">Aikido Security<\/a>, <a href=\"https:\/\/www.wiz.io\/blog\/mini-shai-hulud-supply-chain-sap-npm\" target=\"_blank\" rel=\"noreferrer noopener\">Wiz<\/a>, and several other security firms said the affected packages included mbt@1.2.48, @cap-js\/db-service@2.10.1, @cap-js\/postgres@2.2.2, and @cap-js\/sqlite@2.2.2.<\/p>\n<p>The suspicious versions were published on April 29 and were later replaced by safe releases.<\/p>\n<p>The malware encrypted stolen data and sent it to public <a href=\"https:\/\/www.csoonline.com\/article\/4164925\/critical-github-rce-bug-exposed-millions-of-repositories.html\">GitHub repositories<\/a> created from victims\u2019 own accounts, according to the researchers. It also used stolen GitHub and npm tokens to add malicious GitHub Actions workflows to accessible repositories and publish poisoned package versions.<\/p>\n<p>SafeDep said the attackers abused a configuration gap in npm\u2019s OIDC trusted publishing setup for the affected @cap-js packages. The compromise of mbt, meanwhile, is suspected to involve a static npm token.<\/p>\n<p>The attackers also attempted to persist through Visual Studio Code and Claude Code configuration files. The technique puts developer workstations and AI-assisted coding tools closer to the center of supply chain security concerns.<\/p>\n<h2 class=\"wp-block-heading\" id=\"implications-for-cisos\">Implications for CISOs<\/h2>\n<p>For CISOs, the case shows how quickly a tainted dependency can move beyond the build process. It also adds to concerns that developer environments, though central to enterprise software delivery, are still not governed with the same rigor as production systems.<\/p>\n<p>\u201cThe fact that the malware was designed to harvest GitHub and npm tokens, GitHub Actions secrets, and cloud credentials from AWS, Azure, GCP, and Kubernetes in a single pass tells you that attackers now treat the developer workstation as a master key,\u201d said <a href=\"https:\/\/my.idc.com\/getdoc.jsp?containerId=PRF005665\" target=\"_blank\" rel=\"noreferrer noopener\">Sakshi Grover<\/a>, senior research manager for IDC Asia Pacific Cybersecurity Services.<\/p>\n<p>A single compromised developer identity in a CI\/CD pipeline can give attackers a route into the wider software supply chain, allowing them to push malicious code into packages that downstream developers may install with little visibility into tampering.<\/p>\n<p>That lack of visibility remains a concern, Grover said, citing IDC\u2019s Asia Pacific Security Survey 2025, which found that 46% of enterprises plan to deploy AI for third-party and supply chain risk analysis over the next 12 to 24 months. For now, she said, many organizations are still in the planning stage and have yet to operationalize AI-driven defenses against attacks such as the mini Shai-Hulud campaign.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/sunilvarkey1\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sunil Varkey<\/a>, a cybersecurity analyst, described the campaign as a case of \u201cliving off the developer,\u201d where attackers target <a href=\"https:\/\/www.csoonline.com\/article\/4163355\/ai-is-reshaping-devsecops-to-bring-security-closer-to-the-code.html\">developers, their tools, and automation<\/a> rather than only the software package itself.<\/p>\n<p>Varkey said the attackers went beyond poisoning npm packages by compromising maintainer GitHub accounts, abusing loosely configured npm OIDC Trusted Publishing, and using preinstall hooks to publish credential-stealing malware.<\/p>\n<p>The more troubling element, he said, was the use of Visual Studio Code and Claude Code configuration files, specifically .vscode\/tasks.json and .claude\/settings.json, for persistence and propagation. That allowed the malware to execute when an infected repository was opened in Visual Studio Code, or when a Claude Code session started, he said.<\/p>\n<p>\u201cThe attacker is turning the modern developer experience itself into an attack vector,\u201d Varkey said.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as \u201cmini Shai-Hulud,\u201d affected packages used in SAP\u2019s JavaScript and cloud application development ecosystem. The malicious versions added installation-time code that could steal developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud credentials&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=16156\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16156","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16156"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16156\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}