SAP npm packages compromised in Mini Shai-Hulud attack targeting developer secrets
A new supply chain attack has compromised SAP-related npm packages used by developers and enterprise build systems. The campaign, called Mini Shai-Hulud, injected malicious npm preinstall scripts into trusted packages so the malware could run automatically during dependency installation.
The affected packages include @cap-js/sqlite@2.2.2, @cap-js/postgres@2.2.2, @cap-js/db-service@2.10.1, and mbt@1.2.48. These packages are tied to SAP Cloud Application Programming Model and Cloud MTA build workflows, which means the attack can reach both developer machines and CI/CD pipelines.
The malware downloads the Bun JavaScript runtime during installation and uses it to run a large obfuscated payload named execution.js. That runtime switch makes the campaign stand out because many npm security checks focus mainly on Node.js behavior.
What happened
The malicious versions added a preinstall hook inside package.json. When a developer or CI system ran npm install, the hook launched setup.mjs, which downloaded Bun and started the main credential-stealing payload.
SAP’s public GitHub activity shows that an unauthorized actor pushed malicious commits that hijacked the release workflow and triggered unauthorized npm publications. The proposed fix separates release automation from npm publishing and adds a manual approval gate before packages can go live.
That detail matters because this was not just a malicious package uploaded under a random name. The compromised versions came through legitimate SAP-related packages used in real development workflows.
At a glance
| Item | Details |
|---|---|
| Campaign name | Mini Shai-Hulud |
| Main target | SAP-related npm packages |
| Affected ecosystem | SAP CAP and Cloud MTA build workflows |
| Attack method | Malicious npm preinstall hook |
| Loader file | setup.mjs |
| Main payload | execution.js |
| Runtime used | Bun |
| Main risk | Developer, cloud, GitHub, npm, and CI/CD secret theft |
| Exfiltration method | Attacker-controlled public GitHub repositories |
Affected packages
| Package | Compromised version | Why it matters |
|---|---|---|
| @cap-js/sqlite | 2.2.2 | Used in SAP CAP database workflows |
| @cap-js/postgres | 2.2.2 | Used by SAP CAP projects with PostgreSQL |
| @cap-js/db-service | 2.10.1 | Core database service package for CAP |
| mbt | 1.2.48 | Used by SAP Cloud MTA Build Tool workflows |
Why the Bun runtime matters
Most npm malware runs directly through Node.js. Mini Shai-Hulud changes that pattern by using setup.mjs as a bootstrapper, downloading Bun, and launching the main payload through that runtime.
This matters because security tools may look for suspicious Node.js execution during package installation. A sudden Bun download inside a package that did not previously need Bun gives defenders a useful detection signal.
Researchers described the payload as a large obfuscated credential stealer and propagation framework. Its goal was not only to steal secrets from one machine, but also to spread through developer and release workflows.
What the malware tries to steal
The payload targets developer credentials, GitHub tokens, npm tokens, GitHub Actions secrets, and cloud secrets from AWS, Azure, GCP, and Kubernetes. This makes the attack especially dangerous for build servers and release systems.
The campaign also looks for secrets in local development environments. That can include browser data, environment variables, SSH material, Docker credentials, Terraform credentials, and other files commonly found on developer machines.
Stolen data is encrypted and pushed through attacker-controlled public GitHub repositories. Several researchers reported repositories using the description "A Mini Shai-Hulud has Appeared", which became one of the clearest campaign indicators.
Why CI/CD pipelines face serious risk
CI/CD systems often hold stronger credentials than normal developer machines. A build runner may contain npm publishing tokens, GitHub organization access, cloud deployment keys, Kubernetes service account tokens, container registry credentials, and production environment variables.
If one of the compromised packages ran inside a pipeline, teams should treat the environment as exposed. Rotating only npm tokens will not be enough because the malware searches for several types of secrets.
The campaign also includes self-propagation logic. If the malware finds npm tokens with enough permissions, it can identify other packages under the same maintainer account, patch them with malicious files, and publish poisoned versions.
What teams should do now
Security teams using SAP CAP or Cloud MTA tooling should check lockfiles, dependency caches, CI logs, build artifacts, and internal package registries for the affected versions.
- Search for @cap-js/sqlite@2.2.2, @cap-js/postgres@2.2.2, @cap-js/db-service@2.10.1, and mbt@1.2.48.
- Check for unexpected setup.mjs and execution.js files.
- Review CI logs for Bun downloads during npm install.
- Rotate GitHub, npm, cloud, Kubernetes, Docker, SSH, and deployment credentials.
- Audit GitHub repositories for unexpected public repos or suspicious workflow changes.
- Block the affected package versions in internal registries.
- Disable npm lifecycle scripts in CI where projects do not need them.
- Add manual approval gates to package publishing workflows.
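The first three checks above can be scripted. The following is an added example (not code from the article, SAP, or any researcher) that scans a lockfile for the four affected versions and flags install-time hooks that launch a loader file or the Bun runtime; it assumes lockfileVersion 2 or 3 (a "packages" map keyed by node_modules path), and the sample lockfile and manifest are constructed inline.

```javascript
// Added example: detect the article's indicators in npm metadata.
// Affected versions are taken from the article's "Affected packages" table.
const AFFECTED = {
  "@cap-js/sqlite": ["2.2.2"],
  "@cap-js/postgres": ["2.2.2"],
  "@cap-js/db-service": ["2.10.1"],
  "mbt": ["1.2.48"],
};

// Lockfile v2/v3: keys under "packages" look like "node_modules/@cap-js/sqlite".
// The empty key "" is the root project and is skipped.
function findAffected(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path) continue;
    const name = entry.name || path.replace(/^.*node_modules\//, "");
    const bad = AFFECTED[name];
    if (bad && bad.includes(entry.version)) hits.push(`${name}@${entry.version}`);
  }
  return hits;
}

// Flag lifecycle hooks whose command references the loader, the payload, or Bun.
// This is a heuristic: any install-time hook deserves review, but these names
// are the indicators the article reports.
function suspiciousScripts(manifest) {
  const out = [];
  for (const hook of ["preinstall", "install", "postinstall"]) {
    const cmd = (manifest.scripts || {})[hook];
    if (cmd && /setup\.mjs|execution\.js|\bbun\b/i.test(cmd)) out.push(`${hook}: ${cmd}`);
  }
  return out;
}

// Constructed sample inputs (not real SAP artifacts).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-cap-app", version: "1.0.0" },
    "node_modules/@cap-js/sqlite": { version: "2.2.2" },
    "node_modules/@cap-js/postgres": { version: "2.1.0" },
    "node_modules/mbt": { version: "1.2.48" },
  },
};
const sampleManifest = {
  name: "@cap-js/sqlite",
  version: "2.2.2",
  scripts: { preinstall: "node setup.mjs", test: "mocha" },
};

console.log("affected versions:", findAffected(sampleLock));
console.log("suspicious hooks:", suspiciousScripts(sampleManifest));
```

In CI, pairing this check with `npm ci --ignore-scripts` (a real npm flag) prevents preinstall hooks from running at all for projects that do not need them.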
Key indicators to watch
The strongest file indicators are setup.mjs and execution.js inside affected package versions. The shared loader hash reported by researchers is:
4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34
Other useful indicators include unexpected Bun downloads, public GitHub repositories with the description "A Mini Shai-Hulud has Appeared", suspicious .claude/settings.json files, suspicious .vscode/tasks.json files, and commits that appear to automate dependency updates.
Wider campaign activity
Wiz later reported that two more packages had been trojanized: [email protected] on npm and [email protected] and [email protected] on PyPI. That suggests Mini Shai-Hulud may not be limited to the original SAP-related packages.
The campaign has also been linked to TeamPCP-style activity. Researchers pointed to technical overlaps with earlier operations, including install-time execution, GitHub-based exfiltration, and propagation through compromised developer workflows.
For enterprises, the lesson is clear. Package installation is now a high-risk execution path, especially when a dependency runs in CI/CD environments with privileged access.
FAQ
Mini Shai-Hulud is a supply chain attack that uses malicious npm package releases to steal developer and CI/CD secrets. It uses a Bun-based payload and first appeared in SAP-related packages.
The confirmed compromised versions are @cap-js/sqlite@2.2.2, @cap-js/postgres@2.2.2, @cap-js/db-service@2.10.1, and mbt@1.2.48.
The affected packages use a malicious npm preinstall hook. During installation, setup.mjs runs, downloads Bun, and launches the obfuscated execution.js payload.
Researchers say the malware targets GitHub tokens, npm tokens, GitHub Actions secrets, cloud credentials, Kubernetes secrets, browser credentials, and local developer secrets.
No. Teams should rotate every secret that could have been exposed from affected developer machines or CI/CD runners, including GitHub, cloud, Kubernetes, Docker, SSH, and deployment credentials.