Compromised OpenSearch Pre-Release npm Packages in Supply Chain Attack

On May 12, 2026, a supply chain attack was disclosed affecting multiple npm and PyPi packages, including pre-release versions of OpenSearch. The attackers compromised these packages by injecting malicious code, potentially impacting developers and users who installed the affected versions. This incident highlights the increasing risk of supply chain attacks targeting open-source software repositories. The compromised packages could allow attackers to execute arbitrary code on systems where the packages were installed, leading to data theft, system compromise, or further propagation of malware. This incident is part of a broader campaign referred to as “Mini Shai Hulud” which targeted hundreds of packages. Defenders should prioritize identifying and removing affected packages from their environments.

Attack Chain

1. Attacker compromises developer accounts or package maintainer credentials.
2. Malicious code is injected into the OpenSearch pre-release npm packages.
3. Compromised packages are published to the npm and PyPi repositories.
4. Developers or automated build systems download and install the infected packages as part of their build process using npm install or pip install.
5. The malicious code executes on the developer’s machine or build server, potentially establishing a reverse shell or downloading further payloads.
6. The malicious code might inject itself into other project dependencies or build artifacts.
7. Applications built with the compromised packages are deployed to production environments, infecting end-user systems.
8. Attackers gain remote access to infected systems, enabling data exfiltration, lateral movement, and other malicious activities.

Impact

This supply chain attack could impact a large number of developers and users who rely on the compromised OpenSearch pre-release packages. Successful exploitation allows attackers to execute arbitrary code on affected systems, leading to data breaches, system compromise, and potentially widespread disruption. Hundreds of packages were affected across NPM and PyPi. The impact could range from minor inconvenience to severe data loss and reputational damage.

Recommendation

• Implement strict dependency management policies, including the use of package lockfiles (package-lock.json, yarn.lock, Pipfile.lock) to ensure consistent and verifiable builds.
• Utilize software composition analysis (SCA) tools to identify and remediate vulnerable dependencies in your projects.
• Monitor network connections originating from build servers and development environments for suspicious activity using the “Detect Suspicious Outbound Connection from Build Server” Sigma rule below.
• Consider implementing sandboxing or containerization technologies to isolate build processes and limit the impact of compromised dependencies.
• Audit your existing npm and PyPi dependencies for the compromised packages identified in the Wiz.io and Socket.dev blog posts.
• Deploy the “Detect Suspicious Package Installation” Sigma rule to detect potentially malicious package installation commands.