The npm ecosystem just delivered another masterclass in how open source ideology creates perfect conditions for industrial-scale security disasters. On May 19th, 2026, attackers compromised the ‘atool’ account and pumped out 637 malicious package versions across 317 projects in just 22 minutes, including heavy hitters like size-sensor (4.2M monthly downloads) and echarts-for-react (3.8M downloads). The payload? A 498KB obfuscated script that hoovers up credentials from AWS, GitHub, npm, SSH keys, and basically anything else worth stealing from your infrastructure.
What makes this attack particularly elegant is its dual execution strategy. Beyond the standard preinstall hooks that the community has learned to fear, the malware exploits GitHub’s fork object sharing to create ‘imposter commits’: orphaned commits with forged authorship that exist in legitimate repositories without requiring any write access. These commits host payload copies that npm’s github: dependency resolution happily fetches and executes. It’s a beautiful demonstration of how distributed systems built on trust create attack surfaces that centralized alternatives simply don’t have.
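Both vectors described above leave fingerprints in a project's lockfile: a git-resolved dependency is fetched by commit reference rather than from the registry, and an install-time hook shows up as a lifecycle script. The following Node.js audit is an added example, not code from the original post or from npm; it walks a package-lock.json (lockfile v2/v3 `packages` map, whose `resolved` and `hasInstallScript` fields are real lockfile fields) and flags both signals. The sample lockfile and its package names are constructed for illustration.

```javascript
// Added example (not from the post or from npm): audit a package-lock.json for two
// supply-chain risk signals. Git-resolved dependencies are risky because npm fetches
// whatever commit the spec names, including an orphaned commit no branch points at;
// install-time lifecycle scripts are the classic preinstall vector.
// "resolved" and "hasInstallScript" are real lockfile v2/v3 fields; the lockfile below is constructed.

const GIT_SPEC = /^(git\+[a-z]+:\/\/|git:\/\/|github:|gitlab:|bitbucket:|git@)/i;

// Classify one lockfile entry; returns an array of reason strings (empty = nothing flagged).
function flagEntry(entry) {
  const reasons = [];
  const resolved = entry.resolved || "";
  if (GIT_SPEC.test(resolved)) {
    // A 40-hex commit after '#' is a pin; a branch or tag can move under you.
    const pinned = /#[0-9a-f]{40}$/i.test(resolved);
    reasons.push(pinned ? "git-resolved (commit-pinned)" : "git-resolved (unpinned ref)");
  }
  if (entry.hasInstallScript === true) reasons.push("install lifecycle script");
  return reasons;
}

// Walk every installed package and collect findings in lockfile order.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself, not a dependency
    const reasons = flagEntry(entry);
    if (reasons.length) findings.push({ path, version: entry.version, reasons });
  }
  return findings;
}

// Constructed sample: one registry package, one pinned git dependency with an install
// script, and one git dependency that tracks a branch. Names are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/pad-example": {
      version: "1.0.0",
      resolved: "https://registry.npmjs.org/pad-example/-/pad-example-1.0.0.tgz",
    },
    "node_modules/some-util": {
      version: "2.1.0",
      resolved: "git+ssh://git@github.com/example-org/some-util.git#0123456789abcdef0123456789abcdef01234567",
      hasInstallScript: true,
    },
    "node_modules/other-lib": {
      version: "0.3.0",
      resolved: "git+https://github.com/example-org/other-lib.git#main",
    },
  },
};

// Run against a real lockfile path if given, otherwise against the constructed sample.
function main(lockPath) {
  const lock = lockPath ? JSON.parse(require("fs").readFileSync(lockPath, "utf8")) : SAMPLE_LOCK;
  const findings = auditLockfile(lock);
  for (const f of findings) console.log(`${f.path}@${f.version}: ${f.reasons.join(", ")}`);
  return findings;
}

if (typeof require !== "undefined" && require.main === module) main(process.argv[2]);
```

Run it as `node audit-lock.js ./package-lock.json` in a repository root; a clean project prints nothing. A commit-pinned git dependency is not automatically malicious, but every hit is a dependency that bypasses the registry and deserves a look at the commit it names, and every install script is code that runs before anyone reviews it.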
The persistence mechanisms read like a security researcher’s fever dream: hijacking Claude Code and VS Code to re-execute on every session, installing systemd services that poll GitHub commits for RSA-signed remote commands, and even attempting Docker container escapes. In CI environments, it exchanges GitHub Actions OIDC tokens for npm publish rights and creates legitimately-signed malicious artifacts via Sigstore. The cherry on top? It injects persistence disguised as ‘Run Copilot’ into GitHub Actions workflows, dumping all repository secrets before cleaning up after itself.
This is the same ‘Mini Shai-Hulud’ toolkit that hit SAP three weeks earlier, suggesting we’re dealing with either a sophisticated group or someone who’s industrialized supply chain attacks into a repeatable business model. Either way, it’s another reminder that the npm ecosystem’s ‘anybody can publish anything’ philosophy scales beautifully for attackers. The decentralized utopia that was supposed to liberate us from corporate gatekeepers has instead created the most efficient malware distribution network in computing history.
