How npm Supply Chain Attacks Actually Work and How Teams Are Stopping Them

AI can help teams create and send emails faster, but it cannot fix poor deliverability. (Sponsor)

If your domain has a weak reputation or your warmup is incomplete, even great outreach lands in spam.

Warmy.io uses behavioral AI to warm your domain, improve sender reputation, and monitor deliverability in real time. Use AI across your workflow, but make sure your email foundation is working first.

Test your deliverability

Modern software isn’t written anymore—it’s assembled.

Every npm install pulls in dozens—sometimes hundreds—of dependencies. And at the center of that ecosystem is npm—a system built on speed, convenience… and trust.

But over the past few weeks, that trust has been repeatedly broken.

This month alone, the npm ecosystem has seen a wave of real, active, self-propagating attacks:

• A malicious version of a widely used CLI tool impersonating Bitwarden quietly stole cloud credentials and then republished infected packages using the victim’s own access

• A fresh campaign of worm-like npm packages spread by stealing developer tokens during install scripts

• Attackers even hijacked the maintainer account of the massively popular Axios library, injecting a dependency that installed a remote access trojan across macOS, Linux, and Windows

And perhaps most concerning: these attacks are no longer isolated. They are designed to spread.

Modern npm malware doesn’t just infect your machine—it:

• steals your credentials

• uses your access to publish new malicious packages

• and silently propagates across the ecosystem

This is the rise of the self-propagating supply chain worm.

From Breaking Code to Becoming Dependencies

Attackers used to look for vulnerabilities in your application.

Now they look for vulnerabilities in your dependencies.

Because if they can get malicious code into a package you trust, they don’t need to hack you—you’ll install them yourself.

All it takes is:

npm install

…and the attack begins.

What’s Really Happening During an Attack

Let’s walk through a realistic scenario.

You install a package. It looks legitimate—maybe even widely used.

Behind the scenes, this happens:

npm install
→ lifecycle script executes (postinstall, preinstall)
→ environment is scanned
→ credentials are harvested
→ data is exfiltrated
→ attacker reuses tokens
→ compromised packages are published
→ infection spreads to others

This is how a supply chain attack becomes a self-propagating worm.

Why this works so well

• Lifecycle hooks run automatically
  Scripts like preinstall and postinstall execute without explicit approval

• Secrets are easy to find
  Common targets:

  • .npmrc

  • .env

  • ~/.aws/

  • .ssh/

• Tokens are powerful
  A stolen npm token can publish packages as you

• Dependency graphs amplify impact
  One compromised package can cascade across thousands of apps

This isn’t theoretical—it’s exactly how recent attacks have spread.

Where Teams Are Most Exposed

Most people assume this is a “developer laptop” issue.

It’s not. It’s systemic.

Your real attack surface looks like this:

Local development

• Cached credentials

• SSH keys