Zapier's NPM account hacked and 425 packages have been infected with Shai Hulud malware. The attack successfully compromised Zapier’s NPM account, leading to the injection of malicious code into a large number of npm packages used in both development and production environments worldwide. The attack affects critical infrastructure components, development tools, and CI CD environments, and is one of the most extensive supply chain threats observed in 2025.
The infected packages together generate approximately 132 million monthly downloads, making the spread global and potentially catastrophic for organizations that do not actively monitor their dependencies or use security checks during installation.
Several high-profile projects and organizations are among those affected, including AsyncAPI ENS Domains PostHog Postman and Zapier itself. The compromised libraries are used in everything from API documentation and analytics tools to authentication. SDK modules and integrated production environments, which makes the attack surface broad and very difficult to control.
Frequently used packages infected
The affected packages include core libraries such as @zapier mcp integration @posthog nextjs @asyncapi cli and @postman secret scanner wasm. These are often found in both production pipelines and development environments where they are automatically installed via dependency management, meaning many organizations may have been exposed without realizing it.
The incident clearly shows how serious it is when Zapier's NPM account is hacked and becomes part of a larger supply chain attack that can quickly spread through dependency chains and affect thousands of projects simultaneously.
Several of the packages have a critical or high risk level because they are loaded in environments with access to authentication keys, sensitive logs, or internal API call. This means that the malicious code's ability to steal and manipulate information is significantly greater than with traditional client attacks.
Worm propagation and advanced propagation technology
According to Aikido Security works Shai Hulud Malware as a self-propagating worm that uses a staging mechanism embedded in setup bun.js to spread to other dependencies.
When the package is installed, the worm writes an initial staging code to the bundleAssets function and then attempts to find or download the Bun runtime environment. If Bun is found or can be installed, the payload bun environment.js is executed, which is the primary malicious module.
The technique shows that the attackers have a deep understanding of npm installations and how modern build pipelines handle dependencies. The worm checks system paths, attempts to install Bun if it is missing, and manipulates environment variables to ensure execution on Windows Linux and macOS.
Theft of secrets and leaked credentials
Shai Hulud is not only an execution tool but also an advanced module for stealing sensitive data. It extracts API keys tokens and internal secrets from infected systems and automatically uploads them to GitHub repositories with random names and a recurring description Sha1 Hulud The Second Coming.

The analysis shows that approximately 26,300 repositories now contain leaked credentials, posing a huge risk of secondary attacks. Threat actors can use these keys to gain access to cloud infrastructure development environments internal systems and external services.
The attackers made several critical mistakes
Researchers have discovered that several infected packages contained only the staging script setup bun.js but lacked the primary worm payload bun environment.js, suggesting an incomplete deployment or misconfiguration during the attack.
The absence of the primary payload limits the direct impact of the attack, but the staging code is still dangerous because it establishes persistence and allows attackers to later deliver a working payload without having to compromise the packets again.
Why the attack is so dangerous for the development chain
| Package Name | Organization | Use Case | Risk Level |
|---|---|---|---|
| @zapier/mcp-integration | Zapier | Model Context Protocol Integration | Critical |
| @zapier/ai-actions | Zapier | AI Actions Module | High |
| @zapier/zapier-sdk | Zapier | Zapier Platform SDK | Critical |
| @posthog/nextjs | PostHog | Next.js Analytics Plugin | Critical |
| @posthog/cli | PostHog | Command Line Interface | High |
| @posthog/plugin-server | PostHog | Event Processing Server | Critical |
| @asyncapi/cli | AsyncAPI | AsyncAPI CLI Tool | Critical |
| @asyncapi/generator | AsyncAPI | API Documentation Generator | High |
| @asyncapi/parser | AsyncAPI | Schema Parser | High |
| @postman/secret-scanner-wasm | Postman | Secret Scanning (WASM) | Critical |
| @postman/postman-mcp-cli | Postman | Model Context Protocol CLI | Critical |
| @postman/pm-bin-linux-x64 | Postman | Postman Linux Binary | Critical |
| @ensdomains/ensjs | ENS Domains | ENS JavaScript Library | High |
| @ensdomains/ens-contracts | ENS Domains | Smart Contracts | High |
| posthog-js | PostHog | JavaScript Analytics | Critical |
| posthog node | PostHog | Node.js Analytics | Critical |
| zapier-platform-cli | Zapier | Zapier CLI Platform | Critical |
| zapier-platform-core | Zapier | Zapier Core Library | Critical |
The attack on Zapier packages illustrates how vulnerable the ecosystem is to dependency attacks. Many companies use thousands of npm packages in their CI CD pipelines, and few have full control over the entire dependency tree. When a package is compromised, the consequences can spread quickly through codebases and environments.
Organizations that lack version locking, automated scanning, or real-time monitoring are at extra risk because infected packages can be installed automatically with every build.
Recommendations for all development teams
To reduce the risk should companies immediately:
• Inventory which of the affected packages are in use
• Run through all CI CD pipelines to find unexpected installations
• Scan codebases and containers for traces of setup bun and bun environment
• Roll back all authentication keys and tokens
• Implement strict policies for dependency control and version locking
• Implement real-time monitoring of new GitHub repositories
• Using tools for software composition analysis
Looking ahead and conclusion
This attack highlights how quickly the development chain can become an attack vector and the importance of being proactive with security practices. Threat actors are now directly targeting development tools because it provides maximum access and minimal detection time.
Companies must strengthen their security models in terms of tools, pipeline monitoring and training. Without a robust strategy, organizations risk falling victim to similar attacks even when their own systems are secure.








