SAP Npm Package Attack Highlights Risks in Developer Tools and CI/CD Pipelines

The recent “mini Shai‑Hulud” campaign has put the SAP JavaScript ecosystem under the microscope. By publishing malicious versions of popular npm packages such as mbt@1.2.48 and several @cap‑js modules on April 29, threat actors injected pre‑install code that activates the moment a developer runs npm install. The attack demonstrates how a single compromised dependency can instantly reach thousands of downstream projects, turning the open‑source supply chain into a rapid delivery vehicle for credential‑stealing malware.

Researchers traced the breach to two distinct weaknesses. First, the @cap‑js packages abused a mis‑configured npm OIDC trusted‑publishing flow, allowing the malicious tarball to be signed and distributed as a legitimate update. Second, the mbt package relied on a static npm token that the attackers harvested and reused. Once installed, the code harvested GitHub, npm, and cloud provider tokens—AWS, Azure, GCP, and Kubernetes—encrypting the data and exfiltrating it to repositories created from the victim’s own accounts. A further persistence layer leveraged VS Code’s .vscode/tasks.json and Claude Code’s .claude/settings.json files, executing whenever the infected repo opened.

For CISOs the incident is a wake‑up call that developer workstations have become the new master key. Traditional perimeter controls protect production environments, yet the same rigor is rarely applied to local IDEs, token storage, or CI/CD pipelines. Organizations should enforce short‑lived tokens, enable npm’s two‑factor publishing, and monitor OIDC configurations for drift. Emerging AI‑driven supply‑chain risk platforms, which 46 % of enterprises plan to adopt within two years, can add behavioral analytics to detect anomalous token usage before attackers pivot further.