Critical npm Supply Chain Attack Targeting Developer Credentials
A worm-like npm attack is stealing developer secrets and spreading through compromised packages.
What happened
A new supply chain attack has been identified within the Node Package Manager (npm) ecosystem, targeting developer environments through compromised third-party packages.
Security researchers from Socket and StepSecurity discovered that multiple packages published by Namastex Labs were injected with malicious code. These packages are widely used in AI tooling and backend database operations, making them high-value targets for attackers.
The malicious code is designed to steal sensitive developer credentials, including API keys, cloud tokens, SSH keys, and CI/CD secrets. It also attempts to collect additional data from local environments and browsers where possible.
Unlike typical malware campaigns that aim for mass infection, this attack focuses on trusted development workflows. Once a compromised package is installed, it can silently execute and spread further by republishing infected versions using exposed npm publishing tokens.
Because of this propagation behavior, the attack can expand across the ecosystem if compromised credentials are available, making it particularly dangerous in automated development pipelines.
Who is affected
- Developers using npm packages, especially those related to:
  - AI agent tooling
  - Backend services and databases
- Organizations with CI/CD pipelines
- Systems storing credentials in environment variables or .npmrc
Affected packages include:
- @automagik/genie (4.260421.33–4.260421.39)
- pgserve (1.1.11–1.1.13)
- @fairwords/websocket (1.0.38–1.0.39)
- @fairwords/loopback-connector-es (1.4.3–1.4.4)
- @openwebconcept/theme-owc (1.0.3)
- @openwebconcept/design-tokens (1.0.3)
Risk level
Critical
This attack includes credential theft and self-propagation, increasing its impact significantly.
What to do
- Remove affected packages immediately
- Rotate all credentials (API keys, tokens, SSH keys, cloud credentials)
- Audit CI/CD pipelines and environments
- Check internal caches and mirrors
- Monitor for suspicious activity
Analysis
What stands out about this attack is how quietly it fits into normal developer workflows. It does not rely on flashy exploits. Instead, it abuses trust in everyday tools like npm packages and CI/CD pipelines.
Instead of going after end users directly, the attackers are clearly aiming at developers and automated build systems. That is a smart move because these environments often contain sensitive credentials that can unlock much larger systems.
The self-propagation aspect is what makes this particularly worrying. Once a compromised account is involved, the attack can quietly spread through new package releases without raising immediate suspicion. That kind of chain reaction is hard to detect early.
It also reflects a broader shift in modern attacks. Instead of breaking systems, attackers are blending into the software supply chain itself and exploiting the trust developers rely on every day.
Overall, this is less about a single malware event and more about how fragile software ecosystems become when trust is compromised at the source.