
This flaw reopens a critical attack surface in the world’s largest JavaScript package registry, endangering millions of developers and enterprises that rely on npm for software supply‑chain integrity. Prompt remediation is essential to prevent further credential leaks and malicious code propagation.
The Shai‑Hulud supply‑chain incident in September 2025 forced the JavaScript ecosystem to double down on protective measures, culminating in the so‑called PackageGate safeguards. Those defenses were designed to block script execution from untrusted sources, especially when developers employ the `--ignore-scripts` flag during installations. However, the newly uncovered Git dependency loophole demonstrates how a seemingly innocuous `.npmrc` configuration can hijack the Git binary path, effectively sidestepping npm’s own security checks and re‑enabling malicious code execution.
Technical analysis shows that the vulnerability hinges on npm’s permissive handling of Git URLs. When a package is fetched directly from a repository, npm reads configuration files present in the repository’s root. A crafted `.npmrc` can redefine the `git` command to point to a malicious wrapper, which then runs arbitrary payloads—even if lifecycle scripts are disabled. This method has already been used to spawn reverse shells, confirming its practicality. In contrast, alternative package managers such as pnpm, vlt, and Bun responded swiftly, releasing patches for CVE-2025-69263 and CVE-2025-69264 and updating to version 1.3.5 respectively, thereby closing similar attack vectors.
The broader industry impact is significant. npm powers the majority of Node.js projects, meaning any systemic flaw can cascade across countless applications and services. GitHub’s recommendation to enforce lockfile integrity, disable lifecycle scripts, and adopt granular access tokens with two‑factor authentication reflects a shift toward defense‑in‑depth. Until npm aligns its response with the community’s expectations, organizations must treat Git‑based dependencies as high‑risk and consider alternative registries or stricter vetting processes to safeguard their software supply chain.
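The two practical takeaways above, that `.npmrc` in a fetched repository can redefine the `git` command and that Git‑based dependencies therefore deserve stricter vetting, can be turned into a small pre‑install audit. The script below is an added example written for this article, not code from npm, GitHub, or the original report. It assumes the caller supplies the text of a project's `package.json` and of a `.npmrc` (the project's own, or one found in a checked‑out dependency); it does not reproduce npm's full configuration resolution (user and global config, environment variables), and the inclusion of `shell` and `script-shell` alongside `git` as binary‑path keys worth flagging is an assumption. The sample manifest and `.npmrc` are constructed.

```python
"""Audit helper: enumerate Git-sourced npm dependencies and flag .npmrc keys
that redirect npm to an external binary (such as ``git``)."""
import json
import re
from typing import Dict, List, Tuple

# npm config keys that decide which external program npm executes.
# "git" is the key the article describes; "shell" and "script-shell" are
# further npm keys with the same property, included on the assumption that
# any binary-path override in an untrusted .npmrc deserves review.
BINARY_OVERRIDE_KEYS = {"git", "shell", "script-shell"}

DEP_SECTIONS = ("dependencies", "devDependencies",
                "optionalDependencies", "peerDependencies")

# Dependency specifiers that make npm fetch from a Git repository.
# The bare "user/repo" form is the GitHub shorthand npm accepts.
GIT_SPEC_PATTERNS = [
    re.compile(r"^git(\+(ssh|https?|file))?://", re.I),
    re.compile(r"^(github|gitlab|bitbucket|gist):", re.I),
    re.compile(r"^[\w.-]+/[\w.-]+(#.*)?$"),
    re.compile(r"\.git(#.*)?$", re.I),
]


def is_git_spec(spec: str) -> bool:
    """True if an npm dependency specifier resolves through Git."""
    return any(p.search(spec) for p in GIT_SPEC_PATTERNS)


def find_git_dependencies(package_json_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, name, spec) for every Git-sourced dependency."""
    manifest = json.loads(package_json_text)
    found = []
    for section in DEP_SECTIONS:
        for name, spec in manifest.get(section, {}).items():
            if isinstance(spec, str) and is_git_spec(spec):
                found.append((section, name, spec))
    return found


def parse_npmrc(text: str) -> Dict[str, str]:
    """Minimal parser for npm's ini-style .npmrc: key=value, ';' or '#' comments."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip().lower()] = value.strip()
    return cfg


def find_binary_overrides(npmrc_text: str) -> Dict[str, str]:
    """Return the subset of .npmrc keys that swap out a binary npm invokes."""
    cfg = parse_npmrc(npmrc_text)
    return {k: v for k, v in cfg.items() if k in BINARY_OVERRIDE_KEYS}


def audit(package_json_text: str, npmrc_text: str) -> List[str]:
    """Human-readable findings for one project or checked-out dependency."""
    findings = [
        f"git dependency in {section}: {name} -> {spec}"
        for section, name, spec in find_git_dependencies(package_json_text)
    ]
    for key, value in find_binary_overrides(npmrc_text).items():
        findings.append(
            f"binary override in .npmrc: {key}={value} "
            "(npm would run this instead of the system binary)"
        )
    return findings


# Constructed sample inputs (not taken from any real project).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-app",
    "dependencies": {
        "express": "^4.19.2",
        "left-pad-fork": "github:someuser/left-pad-fork#v1.0.0",
        "internal-lib": "git+ssh://git@git.example.internal/team/internal-lib.git",
        "shorthand-dep": "someuser/shorthand-dep",
    },
    "devDependencies": {"typescript": "~5.4.0"},
})

SAMPLE_NPMRC = """\
; constructed .npmrc resembling the override pattern the article describes
registry=https://registry.npmjs.org/
ignore-scripts=true
git=./scripts/git-wrapper.sh
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PACKAGE_JSON, SAMPLE_NPMRC):
        print(finding)
```

Run against the sample, the audit reports three Git‑sourced dependencies and one `git=` override even though `ignore-scripts=true` is set, which is exactly the combination the article warns about: the flag alone is not a reliable guard once npm can be pointed at a different `git` executable. A CI job can run `audit()` on every `package.json` and on any `.npmrc` that appears inside a cloned Git dependency and fail the build on a non‑empty result.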