Full Report
Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors
Analysis Summary
# Vulnerability: npm Automatic Install-Script Execution (Design Flaw)
## CVE Details
- **CVE ID**: N/A (Ecological design flaw/policy change)
- **CVSS Score**: N/A (High Impact Architectural Flaw)
- **CWE**: CWE-78 (Improper Neutralization of Special Elements used in an OS Command), CWE-829 (Inclusion of Functionality from Untrusted Control Sphere)
## Affected Systems
- **Products**: npm (Node Package Manager)
- **Versions**: All versions prior to npm v12.0.0 (default behavior). Version 11.10.0 through 11.16.x contains the mitigation features but they are not enabled by default.
- **Configurations**: Any environment running `npm install` without the `--ignore-scripts` flag.
## Vulnerability Description
By default, npm has historically executed lifecycle scripts (preinstall, install, postinstall) automatically for all packages in a dependency tree. This creates a massive attack surface where a single compromised transitive dependency can execute arbitrary code on a developer’s machine or a CI/CD runner. This design flaw was famously exploited by the "Shai-Hulud" worm and numerous other supply chain attacks where malicious code was embedded in these scripts to steal credentials or environment variables.
Additionally, a secondary flaw involves the `--allow-git` flag, which allowed a malicious `.npmrc` file to potentially override the Git executable path to achieve arbitrary code execution.
## Exploitation
- **Status**: Exploited in the wild (e.g., Shai-Hulud worm and various malicious "typosquatting" packages).
- **Complexity**: Low
- **Attack Vector**: Network (Supply Chain via registry)
## Impact
- **Confidentiality**: High (Can leak environment variables, SSH keys, and source code)
- **Integrity**: High (Can modify local files or build artifacts)
- **Availability**: High (Can delete files or lock systems via ransomware)
## Remediation
### Patches
- **npm v12.0.0+ (Upcoming July 2026)**: Updates the following security defaults:
- Scripts will no longer run automatically (requires `allow-scripts` permission).
- `--allow-git` defaults to **off**.
- `allow-remote` defaults to **none** (blocks downloads from remote URLs during install).
### Workarounds
- **Upgrade to npm v11.10.0+**: These versions include the `allow-scripts` and `min-release-age` features as opt-in flags.
- **Manual Configuration**: Set `ignore-scripts=true` in your `.npmrc` file.
- **Pre-emptive Migration**: Users of npm v11.16 should manually enable these flags now to prepare for the v12 breaking change.
- **Alternative Managers**: Use pnpm, Yarn Berry, Bun, or Deno, which already block these scripts by default.
## Detection
- **Indicators of Compromise**:
- Unexpected network outbound traffic during `npm install`.
- Modification of `.env` files or unexpected changes in the `node_modules` directory.
- **Detection methods and tools**:
- Audit `package.json` for unfamiliar `preinstall` or `postinstall` scripts.
- Use `npm-audit` to identify known malicious packages.
- Use the `min-release-age` setting to block versions published too recently (a common sign of "brandjacking").
## References
- GitHub Community Discussion: hxxps[:]//github[.]com/orgs/community/discussions/198547
- npm RFC 868: hxxps[:]//github[.]com/npm/rfcs/pull/868
- pnpm Security Documentation: hxxps[:]//pnpm[.]io/