JFrog Security

1.5K posts

@JFrogSecurity

The JFrog Security Research Team empowers developers and companies to excel by identifying, prioritizing, and mitigating software risks.

USA / Israel · Joined November 2017
300 Following · 4.6K Followers
JFrog Security @JFrogSecurity
Xray customers can use XRAY-983727 to check if they are impacted
JFrog Security @JFrogSecurity
🚨Active npm supply chain attack - the node-ipc package (670K weekly downloads) has been compromised, versions 9.1.6 (still live!), 9.2.3 and 12.0.1 contain a credential-stealer payload. JFrog Xray and Curation have been updated
JFrog Security @JFrogSecurity
We’re seeing false positives for these advisory IDs: GHSA-grrc-v84p-qwv3 (@puppeteer/browsers 3.0.1) GHSA-rvxm-vq55-8p53 (puppeteer-core 25.0.1) This is not noise at small scale: puppeteer-core alone is at 17M weekly / 69M monthly. Automation is a tool, not a judge.
JFrog Security @JFrogSecurity
PoC hash for future reference - e09d11058868b4dd3fc45ecf7bd540da131e4633a92b0be8c62b79e990ad60c4
JFrog Security @JFrogSecurity
The original compromised PyPI packages were already yanked, so this could be a preparation for another round of PyPI package hijacks. We've updated our blog with analysis of the new PyPI payload - research.jfrog.com/post/shai-hulu…
JFrog Security @JFrogSecurity
"Shai-Hulud: Here We Go Again" update - the 2nd stage PyPI payload has changed in the last hours from a benign payload to a credential stealer with possible destructive behavior!
Tanya N @Answerislove2
Current exact indicator coverage in our advisory:
- 408 npm artifacts
- 4 PyPI artifacts
- 1 Composer artifact
- 413 exact unique indicators total
Socket’s page says 416 affected artifacts; the difference appears to include duplicate displayed PyPI rows / artifact-level distinctions versus unique package-version indicators. x.com/Answerislove2/…
JFrog Security @JFrogSecurity
🚨SECURITY ALERT: Ongoing supply chain attack - “Shai-Hulud: Here We Go Again” We are continuing to track the latest attack in the “Shai-Hulud: Here We Go Again” campaign - Up until now 406 package versions were detected as compromised, including npm scopes @tanstack, @squawk, @uipath, and spreading to PyPI packages mistralai and guardrails-ai. JFrog Curation customers using an Immaturity policy were fully protected from this attack, as all of the hijacked packages were flagged in less than 24 hours. See our blog for a full analysis of this attack, including an ongoing list of compromised packages (link shared soon in this thread).
JFrog Security @JFrogSecurity
JFrog Catalog users can now use the new label "Shai-Hulud: Here We Go Again" to instantly see the updated list of affected packages.
JFrog Security @JFrogSecurity
@TansTack @Squawk Before the revocation of GitHub tokens, it is critical to eliminate the malware’s dead-man switch mechanisms.
JFrog Security @JFrogSecurity
The campaign has evolved further - see more detail here x.com/JFrogSecurity/…
JFrog Security @JFrogSecurity
🚨SECURITY ALERT: The TanStack npm packages have been compromised in a supply chain attack. ⚠️Affected 42 packages:
@tanstack/arktype-adapter [1.166.12],[1.166.15]
@tanstack/eslint-plugin-router [1.161.12],[1.161.9]
@tanstack/eslint-plugin-start [0.0.4],[0.0.7]
@tanstack/history [1.161.12],[1.161.9]
@tanstack/nitro-v2-vite-plugin [1.154.12],[1.154.15]
@tanstack/react-router [1.169.5],[1.169.8]
@tanstack/react-router-devtools [1.166.16],[1.166.19]
@tanstack/react-router-ssr-query [1.166.15],[1.166.18]
@tanstack/react-start [1.167.68],[1.167.71]
@tanstack/react-start-client [1.166.51],[1.166.54]
@tanstack/react-start-rsc [0.0.47],[0.0.50]
@tanstack/react-start-server [1.166.55],[1.166.58]
@tanstack/router-cli [1.166.46],[1.166.49]
@tanstack/router-core [1.169.5],[1.169.8]
@tanstack/router-devtools [1.166.16],[1.166.19]
@tanstack/router-devtools-core [1.167.6],[1.167.9]
@tanstack/router-generator [1.166.45],[1.166.48]
@tanstack/router-plugin [1.167.38],[1.167.41]
@tanstack/router-ssr-query-core [1.168.3],[1.168.6]
@tanstack/router-utils [1.161.11],[1.161.14]
@tanstack/router-vite-plugin [1.166.53],[1.166.56]
@tanstack/solid-router [1.169.5],[1.169.8]
@tanstack/solid-router-devtools [1.166.16],[1.166.19]
@tanstack/solid-router-ssr-query [1.166.15],[1.166.18]
@tanstack/solid-start [1.167.65],[1.167.68]
@tanstack/solid-start-client [1.166.50],[1.166.53]
@tanstack/solid-start-server [1.166.54],[1.166.57]
@tanstack/start-client-core [1.168.5],[1.168.8]
@tanstack/start-fn-stubs [1.161.12],[1.161.9]
@tanstack/start-plugin-core [1.169.23],[1.169.26]
@tanstack/start-server-core [1.167.33],[1.167.36]
@tanstack/start-static-server-functions [1.166.44],[1.166.47]
@tanstack/start-storage-context [1.166.38],[1.166.41]
@tanstack/valibot-adapter [1.166.12],[1.166.15]
@tanstack/virtual-file-routes [1.161.10],[1.161.13]
@tanstack/vue-router [1.169.5],[1.169.8]
@tanstack/vue-router-devtools [1.166.16],[1.166.19]
@tanstack/vue-router-ssr-query [1.166.15],[1.166.18]
@tanstack/vue-start [1.167.61],[1.167.64]
@tanstack/vue-start-client [1.166.46],[1.166.49]
@tanstack/vue-start-server [1.166.50],[1.166.53]
@tanstack/zod-adapter [1.166.12],[1.166.15]
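The alerts on this page give exact package@version indicators, and the practical question for a defender is whether any of them are pinned in a project's lockfile. The script below is an added example, not JFrog's code or tooling: it walks an npm package-lock.json (both the flat "packages" map of lockfileVersion 2/3 and the nested "dependencies" tree of lockfileVersion 1) and reports every installed name/version that matches an indicator table. The table holds only a few of the 42 @tanstack entries from the alert above, plus the node-ipc and intercom-client versions from other alerts on this page, and must be extended with the full list; the sample lockfile is constructed for the demonstration and is not from any real project.

```python
import json
import sys
from typing import Dict, Iterator, List, Set, Tuple

# Indicators transcribed from the alerts on this page (package -> hijacked
# versions). Only a subset of the 42 @tanstack packages is listed here to
# keep the example short; extend the table with the rest of the list above.
COMPROMISED: Dict[str, Set[str]] = {
    "@tanstack/react-router": {"1.169.5", "1.169.8"},
    "@tanstack/router-core": {"1.169.5", "1.169.8"},
    "@tanstack/react-start": {"1.167.68", "1.167.71"},
    "@tanstack/vue-router": {"1.169.5", "1.169.8"},
    "node-ipc": {"9.1.6", "9.2.3", "12.0.1"},
    "intercom-client": {"7.0.4"},
}


def _name_from_path(path: str) -> str:
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b' (v2/v3 lockfile keys)."""
    return path.rsplit("node_modules/", 1)[-1]


def iter_lock_entries(lock: dict) -> Iterator[Tuple[str, str]]:
    """Yield (name, version) for every installed package in a package-lock.json.

    lockfileVersion 2/3 store a flat "packages" map keyed by install path;
    lockfileVersion 1 (and v2, for compatibility) store a nested
    "dependencies" tree. Both are walked so nested installs are not missed.
    """
    packages = lock.get("packages")
    if isinstance(packages, dict):
        for path, meta in packages.items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            version = meta.get("version")
            if version:
                yield meta.get("name") or _name_from_path(path), version
    deps = lock.get("dependencies")
    if isinstance(deps, dict):
        stack = [deps]
        while stack:
            for name, meta in stack.pop().items():
                if meta.get("version"):
                    yield name, meta["version"]
                nested = meta.get("dependencies")
                if isinstance(nested, dict):
                    stack.append(nested)


def find_compromised(lock: dict, iocs: Dict[str, Set[str]] = COMPROMISED) -> List[Tuple[str, str]]:
    """Return sorted, de-duplicated (name, version) pairs that match the IoC table."""
    return sorted({(n, v) for n, v in iter_lock_entries(lock) if v in iocs.get(n, ())})


# Constructed sample lockfile (lockfileVersion 3) with one direct hit and one
# hit nested under another dependency; not taken from any real project.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@tanstack/react-router": {"version": "1.169.8"},
        "node_modules/@tanstack/router-core": {"version": "1.169.7"},
        "node_modules/some-lib": {"version": "2.0.0"},
        "node_modules/some-lib/node_modules/node-ipc": {"version": "9.1.6"},
    },
}

if __name__ == "__main__":
    # Usage: python check_lock.py [path/to/package-lock.json]; defaults to the sample.
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    hits = find_compromised(lock)
    for name, version in hits:
        print(f"COMPROMISED: {name}@{version}")
    sys.exit(1 if hits else 0)
```

A clean lockfile is necessary but not sufficient: a hijacked version may already sit in node_modules, in the npm cache, or in a CI image built while the version was live, so the same table should also be checked against `npm ls --all --json` output and any artifact-repository logs for the affected window.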
JFrog Security retweeted
JFrog @jfrog
Speed without trust is just the Dark Side in disguise. May the 4th be with you - and may your binaries be with you, too. ✨ AI agents are shipping code faster than ever. Which means your artifact repo isn't storage — it's your last line of defense. With JFrog, every package is versioned. Every model traceable. One source of truth. Get started today: jfrog.com/may-promo #MayThe4thBeWithYou #DevSecOps #AI #JFrogForce #SoftwareSupplyChain
JFrog Security @JFrogSecurity
🚨 Another hijack today: The intercom-client npm package has been compromised in a supply chain attack. ⚠️ Affected Versions: 7.0.4
JFrog Security @JFrogSecurity
🚨 SECURITY ALERT: The popular PyPI package lightning has been compromised in a supply chain attack. ⚠️ Affected Versions: 2.6.2 and 2.6.3
JFrog Security @JFrogSecurity
🚨Security Alert: Supply Chain Attack on SAP-Related npm Packages: A targeted supply chain attack, "Mini Shai-Hulud," has been identified affecting several popular npm packages within the SAP developer ecosystem:
@cap-js/postgres 2.2.2
@cap-js/sqlite 2.2.2
@cap-js/db-service 2.10.1
mbt 1.2.48
JFrog Security @JFrogSecurity
Another day, another false positive in OSV and GHSA. We’ve identified that the popular npm package hls.js (4.5M weekly downloads) has been incorrectly flagged as malicious in versions 1.7.0-alpha.1.0.canary.11764 and 1.7.0-alpha.1.0.canary.11765. Despite being pulled from npm, our analysis confirms these canary versions are legitimate. Automated flagging without manual verification continues to cause unnecessary friction for developers. We have contacted GitHub to ensure this false positive is removed. Advisories: MAL-2026-3019 GHSA-pq9g-f2rr-m4hw #AppSec #SupplyChainSecurity #Malware #FalsePositive #hlsjs