Full text
6,400 characters
· extracted from
preprint-html
· click to expand
The Shai-Hulud NPM Supply Chain Attack: A Comprehensive Analysis of Self-Replicating Malware in the JavaScript Ecosystem | Authorea try { document.documentElement.classList.add('js'); } catch (e) { } var _gaq = _gaq || []; _gaq.push(['_setAccount', 'G-8VDV14Y67G']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); Skip to main content Preprints Collections Wiley Open Research IET Open Research Ecological Society of Japan All Collections About About Authorea FAQs Contact Us Quick Search anywhere Search for preprint articles, keywords, etc. Search Search ADVANCED SEARCH SCROLL This is a preprint and has not been peer reviewed. Data may be preliminary. 19 September 2025 V1 Latest version Share on The Shai-Hulud NPM Supply Chain Attack: A Comprehensive Analysis of Self-Replicating Malware in the JavaScript Ecosystem Authors : Surya Rao Rayarao 0009-0001-8467-7865 [email protected] and Naga Donikena Authors Info & Affiliations https://doi.org/10.22541/au.175830854.42750868/v1 881 views 300 downloads Contents Abstract Supplementary Material Information & Authors Metrics & Citations View Options References Figures Tables Media Share Abstract In September 2025, the JavaScript ecosystem experienced one of its most sophisticated supply chain attacks to date, dubbed "Shai-Hulud" after the fictional sandworms from the Dune universe. This attack represents a paradigm shift in software supply chain threats, featuring a novel self-replicating worm that compromised over 571 npm packages within a matter of days. The malware demonstrated unprecedented sophistication by automatically propagating itself across the npm registry, stealing developer credentials, and exposing private repositories. This paper provides a comprehensive analysis of the Shai-Hulud attack, examining its technical implementation, propagation mechanisms, impact assessment, and implications for future supply chain security. Through detailed examination of the attack vectors, payload analysis, and affected packages, we present insights into the evolving landscape of software supply chain threats and the critical need for enhanced security measures in package management ecosystems. Supplementary Material File (crypto_theaft.pdf) Download 114.23 KB Information & Authors Information Version history V1 Version 1 19 September 2025 Copyright This work is licensed under a Non Exclusive No Reuse License. Keywords javascript ecosystem malware analysis npm security self-replicating worms software security supply chain attacks Authors Affiliations Surya Rao Rayarao 0009-0001-8467-7865 [email protected] Department of Statistics and Data Sciences Department of Computer Science, The University of Texas at Austin Austin View all articles by this author Naga Donikena Department of Statistics and Data Sciences Department of Computer Science, The University of Texas at Austin Austin View all articles by this author Metrics & Citations Metrics Article Usage 881 views 300 downloads .FvxKWukQNSOunydq8rnd { width: 100px; } Citations Download citation Surya Rao Rayarao, Naga Donikena. The Shai-Hulud NPM Supply Chain Attack: A Comprehensive Analysis of Self-Replicating Malware in the JavaScript Ecosystem. Authorea . 19 September 2025. DOI: https://doi.org/10.22541/au.175830854.42750868/v1 If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download. For more information or tips please see 'Downloading to a citation manager' in the Help menu . Format Please select one from the list RIS (ProCite, Reference Manager) EndNote BibTex Medlars RefWorks Direct import Tips for downloading citations document.getElementById('citMgrHelpLink').addEventListener('click', function() { popupHelp(this.href); return false; }); $(".js__slcInclude").on("change", function(e){ if ($(this).val() == 'refworks') $('#direct').prop("checked", false); $('#direct').prop("disabled", ($(this).val() == 'refworks')); }); View Options View options PDF View PDF Figures Tables Media Share Share Share article link Copy Link Copied! Copying failed. Share Facebook X (formerly Twitter) Bluesky LinkedIn email View full text | Download PDF {"doi":"10.22541/au.175830854.42750868/v1","type":"Article"} Now Reading: Share Figures Tables Close figure viewer Back to article Figure title goes here Change zoom level Go to figure location within the article Download figure Toggle share panel Toggle share panel Share Toggle information panel Toggle information panel Go to previous graphic Go to next graphic Go to previous table Go to next table All figures All tables View all material View all material xrefBack.goTo xrefBack.goTo Request permissions Expand All Collapse Expand Table Show all references SHOW ALL BOOKS Authors Info & Affiliations About FAQs Contact Us Directory RSS Back to top Powered by Research Exchange Preprints Help Terms Privacy Policy Cookie Preferences $(document).ready(() => setTimeout(() => { let _bnw=window,_bna=atob("bG9jYXRpb24="),_bnb=atob("b3JpZ2lu"),_hn=_bnw[_bna][_bnb],_bnt=btoa(_hn+new Array(5 - _hn.length % 4).join(" ")); $.get("/resource/lodash?t="+_bnt); },4000)); (function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'a003be7d7a3adf94',t:'MTc3OTUzNTk4OQ=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.