GitLab Discovers Widespread npm Supply Chain Attack
GitLab Threat Insights reveals extensive and automated npm supply chain attack aimed at exfiltrating developer credentials through malicious JavaScript packages.
GitLab Uncovers Major npm Supply Chain Threat
In a recent development, the GitLab Threat Insights Team has identified a substantial and ongoing supply chain attack targeting the JavaScript and Node.js ecosystem via the npm package manager. This newly uncovered operation involves thousands of malicious packages that seem automated and are designed to exfiltrate sensitive environment data such as tokens, credentials, and configuration files.
This discovery underscores how open-source ecosystems remain high-value targets for attackers. Upon further investigation, the GitLab team found obfuscated scripts and base64-encoded payloads embedded in the packages' installation routines, which could allow attackers to harvest credentials from affected systems silently and persistently.
These malicious packages exploit the trust developers place in published open-source components. They rely heavily on typosquatting, mimicking the names of popular packages so that a mistyped install command pulls in the hostile version. Once installed, the malicious code extracts confidential files such as .env, .bash_history, .ssh configuration, and IDE-specific settings.
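As an added example (not GitLab's tooling or code from this post), the following Node.js script audits a package's install-time lifecycle hooks for the indicators described above: base64-decoded payloads, reads of .env, shell-history or .ssh files, dynamic eval, and outbound network calls. The sample packages, the typosquat-style name and the indicator patterns are all constructed for illustration.

```javascript
// Added example, not code from GitLab or this post. It audits an npm package's
// install-time lifecycle scripts for the traits described above. Every package
// below is a constructed sample; the indicator patterns are heuristics.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
// A hit is a reason to review the package before installing it, not proof.
const INDICATORS = [
  ['base64-decode', /Buffer\.from\([^)]*['"]base64['"]\)|\batob\s*\(|base64\s+(?:-d|--decode)/],
  ['sensitive-file', /\.env\b|\.bash_history|\.zsh_history|\.ssh[\\/]|\.npmrc|\.gitconfig/],
  ['dynamic-eval', /\beval\s*\(|new\s+Function\s*\(/],
  ['outbound-network', /https?:\/\/[^\s'"]+|require\(['"](?:https?|net|dns)['"]\)/],
];
function matchIndicators(text) {
  return INDICATORS.filter(([, re]) => re.test(text)).map(([name]) => name);
}
// `files` maps paths inside the package tarball to their text contents.
function auditPackage(files) {
  const pkg = JSON.parse(files['package.json']);
  const scripts = pkg.scripts || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (!cmd) continue;
    const texts = [cmd];
    // "node ./setup.js"-style hooks: pull the referenced local file into the scan.
    for (const m of cmd.matchAll(/\bnode\s+(?:\.\/)?([\w./-]+\.c?js)\b/g)) {
      if (files[m[1]] !== undefined) texts.push(files[m[1]]);
    }
    const indicators = [...new Set(texts.flatMap(matchIndicators))];
    if (indicators.length) findings.push({ name: pkg.name, hook, indicators });
  }
  return findings;
}
// Constructed sample: typosquat-style name, postinstall decodes a placeholder payload.
const SUSPICIOUS = {
  'package.json': JSON.stringify({ name: 'lodahs', version: '1.0.0',
    scripts: { postinstall: 'node ./setup.js' } }),
  'setup.js': [
    "const fs = require('fs'), os = require('os');",
    "const code = Buffer.from('PLACEHOLDER_BASE64', 'base64').toString();",
    "const env = fs.readFileSync(os.homedir() + '/.env', 'utf8');",
    'eval(code);',
  ].join('\n'),
};
// Constructed benign sample: build and test scripts only, no install hooks.
const BENIGN = {
  'package.json': JSON.stringify({ name: 'tiny-util', version: '2.1.0',
    scripts: { build: 'tsc -p .', test: 'node --test' } }),
};
```

Run it over extracted tarball contents (for example from `npm pack`) before a package reaches a build agent; a finding should trigger manual review rather than an automatic block.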
GitLab has reported the issue to GitHub and npm maintainers, who have initiated package removals and takedown procedures. In addition, GitLab’s secure software development practices, Threat Insights automation, and community partnerships were instrumental in identifying and counteracting this campaign.
This incident further validates GitLab’s commitment to DevSecOps and highlights the necessity for organisations to adopt an integrated and proactive approach to security, especially as software supply chains grow more complex and vulnerable to manipulation.
Get Expert Support
If your organisation depends on npm packages for development, now is the time to evaluate your software supply chain security. IDEA GitLab Solutions is a Select GitLab Partner offering professional services, licensing, and consultancy across the UK, Czech Republic, Slovakia, Serbia, Croatia, Slovenia, Macedonia, Israel, South Africa, and Paraguay. Our experienced experts can help you identify risks, implement security scanners, and adopt GitLab’s comprehensive DevSecOps capabilities for full lifecycle protection.