Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised
jamesberthoty, Tuesday, September 16, 2025

A lot of blogs on this are AI generated and such as this is developing, so just linking to a bunch of resources out there:
- Socket:
  - Sep 15 (first post on breach): https://socket.dev/blog/tinycolor-supply-chain-attack-affect...
  - Sep 16: https://socket.dev/blog/ongoing-supply-chain-attack-targets-...
- StepSecurity: https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-p...
- Aikido: https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-...
- Ox: https://www.ox.security/blog/npm-2-0-hack-40-npm-packages-hi...
- Safety: https://www.getsafety.com/blog-posts/shai-hulud-npm-attack
- Phoenix: https://phoenix.security/npm-tinycolor-compromise/
- Semgrep: https://semgrep.dev/blog/2025/security-advisory-npm-packages...
Summary
The article reports that hackers compromised the npm accounts of the maintainers of the 'ctrl', 'tinycolor', and 40 other popular npm packages, potentially exposing millions of users to malware. The incident highlights the risks of supply chain attacks and the importance of securing open-source software dependencies.