SAP npm package attack highlights risks in developer tools and CI/CD pipelines
Summary
A supply chain attack called "mini Shai-Hulud" compromised npm packages (code libraries hosted on npm, a JavaScript package repository) used in SAP development, injecting malware that stole developer credentials and cloud secrets at installation time. The attackers exploited configuration gaps in npm's OIDC trusted publishing (a system that verifies package publishers), then used the stolen credentials to add malicious GitHub Actions workflows (automated tasks in code repositories) and to persist through developer tool configuration files. In effect, developer workstations served as the entry point from which the entire software supply chain was compromised.
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4165420/sap-npm-package-attack-highlights-risks-in-developer-tools-and-ci-cd-pipelines.html
First tracked: April 30, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 85%