Executive Summary
In January 2026, critical vulnerabilities dubbed "PackageGate" were revealed in NPM and several popular JavaScript package managers, exposing gaps in defenses against supply chain attacks like last year's Shai-Hulud incidents. Despite previous security improvements, attackers could still bypass NPM's safeguard against malicious package scripts by leveraging Git dependencies and malicious .npmrc configuration files, leading to unauthorized code execution even when script blocking features were enabled. The flaws, discovered by Koi Security researchers, allowed full code compromise and had the potential to enable massive exfiltration of developer credentials and secrets, threatening tens of thousands of projects and their downstream users.
These findings highlight the persistent risks in open-source supply chains and the accelerating pace of software supply chain attacks. As threat actors become more adept at exploiting package management tools, organizations face renewed urgency to bolster visibility, enforce granular access controls, and adopt defense-in-depth measures to protect development workflows and critical assets.
Why This Matters Now
This incident underscores continuing gaps in software supply chain security, particularly for organizations relying on open-source dependencies. With NPM declining to patch the exploit, threat actors can potentially abuse these bypasses in future attacks, making urgent mitigation and vigilant dependency management vital for every development team.
Attack Path Analysis
Attackers compromised the NPM supply chain by leveraging Git dependencies to bypass script execution defenses, embedding malicious configuration files to trigger unauthorized code execution during package installation. After gaining an initial foothold, the attackers could elevate privileges by manipulating configuration files to gain broader access in build or CI/CD environments. From the compromised environment, lateral movement was possible through available network paths or credentials accessed via malicious scripts. The malware established command and control via reverse shells, maintaining external connectivity and persistence. Sensitive developer secrets and tokens were then exfiltrated to attacker-controlled servers. Ultimately, the impact manifested as widespread leakage of secrets and potential disruption of downstream projects and CI/CD pipelines.
Kill Chain Progression
Initial Compromise
Description
Attackers introduced malicious Git dependencies into open-source projects, bypassing NPM script execution restrictions to gain execution within developer or CI/CD environments.
Related CVEs
CVE-2025-69264
CVSS 8.8
pnpm versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during installation, circumventing security features designed to disable dependency lifecycle scripts by default.
Affected Products:
pnpm pnpm – 10.0.0 through 10.25
Exploit Status:
proof of concept
CVE-2025-69263
CVSS 7.5
pnpm versions 10.26.2 and below store HTTP tarball dependencies without integrity hashes, allowing remote servers to serve different content on each install, even when a lockfile is committed.
Affected Products:
pnpm pnpm – 10.26.2 and below
Exploit Status:
proof of concept
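Both CVEs concern dependencies that resolve outside the registry (git-hosted sources and HTTP tarballs), so a first defensive step is to inventory them. The following is an added example, not code from the page, npm, or pnpm: it scans a package.json object for such specifiers. The regular expressions approximate npm's documented specifier forms, and the sample manifest, package names, and hosts are constructed.

```javascript
// Added example (not from the page, npm or pnpm). Flags direct dependencies
// that resolve outside the registry. Patterns approximate npm's documented
// specifier forms; anything flagged deserves manual review.
const GIT_URL = /^git(\+[a-z]+)?:\/\//i;                   // git://, git+https://, git+ssh://
const GIT_PROVIDER = /^(github|gitlab|bitbucket|gist):/i;   // provider shortcuts
const GIT_SUFFIX = /\.git(#.*)?$/i;                        // https://host/repo.git#ref
const GIT_SHORTHAND = /^[a-z0-9][\w.-]*\/[\w.-]+(#.+)?$/i; // "org/repo" GitHub shorthand
const HTTP_URL = /^https?:\/\//i;                          // remote tarball
const SECTIONS = ['dependencies', 'devDependencies',
                  'optionalDependencies', 'peerDependencies'];

function classifySpec(spec) {
  if (typeof spec !== 'string') return 'invalid';
  const s = spec.trim();
  if (GIT_URL.test(s) || GIT_PROVIDER.test(s) || GIT_SUFFIX.test(s)) return 'git';
  if (HTTP_URL.test(s)) return 'http-tarball';
  if (GIT_SHORTHAND.test(s)) return 'git';
  return 'registry-or-local';
}

function auditManifest(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== 'registry-or-local') findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest; every name and host below is hypothetical.
const sampleManifest = {
  dependencies: {
    'left-pad': '^1.3.0',
    'internal-lib': 'git+https://git.example.test/team/internal-lib.git#v2.1.0',
    'shortcut-lib': 'github:example-org/shortcut-lib',
  },
  devDependencies: {
    'build-helper': 'https://downloads.example.test/build-helper-1.0.0.tgz',
    'bare-shorthand': 'example-org/bare-shorthand#main',
    'local-tool': 'file:../local-tool',
  },
};

for (const f of auditManifest(sampleManifest)) {
  console.log(`${f.section}: ${f.name} -> ${f.kind} (${f.spec})`);
}
```

This covers direct dependencies only; transitive git or tarball sources appear in the lockfile rather than in package.json and need a separate review.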
MITRE ATT&CK® Techniques
Supply Chain Compromise: Compromise Software Supply Chain
Valid Accounts
Command and Scripting Interpreter
Impair Defenses: Disable or Modify Tools
Modify Authentication Process: Pluggable Authentication Modules
Unsecured Credentials: Credentials in Files
Exfiltration Over C2 Channel
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Change and Development Management
Control ID: 6.3.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA (Digital Operational Resilience Act) – ICT Risk Management Framework
Control ID: Art. 10
CISA ZTMM 2.0 – Supply Chain Risk Management
Control ID: SM.2.3
NIS2 Directive – Cybersecurity Risk Management and Reporting
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Vulnerabilities in JavaScript package managers enable supply chain attacks that bypass security controls, directly impacting software development workflows and code integrity protections.
Information Technology/IT
NPM dependency exploitation allows script execution bypass affecting IT infrastructure management, requiring enhanced egress security and zero trust segmentation implementations.
Financial Services
Supply chain attacks through Git dependencies threaten financial application security, compromising PCI compliance requirements and exposing sensitive transaction processing systems.
Health Care / Life Sciences
JavaScript ecosystem vulnerabilities risk HIPAA compliance violations through compromised development tools, potentially exposing patient data through tainted healthcare application dependencies.
Sources
- Hackers can bypass npm's Shai-Hulud defenses via Git dependencies: https://www.bleepingcomputer.com/news/security/hackers-can-bypass-npms-shai-hulud-defenses-via-git-dependencies/ (Verified)
- CVE-2025-69264 Detail: https://nvd.nist.gov/vuln/detail/CVE-2025-69264 (Verified)
- CVE-2025-69263 Detail: https://nvd.nist.gov/vuln/detail/CVE-2025-69263 (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Applying Zero Trust Segmentation, egress filtering, encryption enforcement, and multicloud visibility would have constrained unauthorized script execution, lateral movement, and especially secret exfiltration, significantly reducing the blast radius of such supply chain attacks.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: Attack surface reduction and policy-based enforcement could prevent untrusted scripts from executing.
Control: Zero Trust Segmentation
Mitigation: Segmentation policies would restrict privilege scope even if malicious scripts execute.
Control: East-West Traffic Security
Mitigation: Controls would block unauthorized internal traffic between workloads and sensitive resources.
Control: Multicloud Visibility & Control
Mitigation: Anomalous outbound connections and reverse shell activity are detected in near-real-time.
Control: Egress Security & Policy Enforcement
Mitigation: Outbound sensitive data flows to unapproved destinations are blocked or logged and quarantined.
Downstream impact is minimized as outbound leaks and connections are preemptively blocked.
Impact at a Glance
Affected Business Functions
- Software Development
- Continuous Integration/Continuous Deployment (CI/CD)
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of sensitive developer credentials and proprietary code due to unauthorized code execution.
Recommended Actions
Key Takeaways & Next Steps
- Enforce Zero Trust Segmentation and least privilege to prevent malicious scripts from accessing sensitive cloud resources.
- Apply granular egress filtering and DNS/FQDN controls to block unauthorized exfiltration or reverse shell activity.
- Deploy deep East-West Traffic Security to limit lateral movement opportunities between workloads and cloud services.
- Activate multicloud visibility and behavioral analytics for rapid detection of anomalous or unauthorized network flows.
- Integrate inline policy enforcement at all workload and CI/CD ingress points to detect and block supply chain abuses in real time.



