SAP NPM Packages Targeted in Supply Chain Attack
A supply chain attack named Mini Shai-Hulud targeted four SAP NPM packages related to the SAP Cloud Application Programming (CAP) ecosystem. Malicious preinstall scripts in these packages fetched and executed a Bun binary, bypassing security monitoring. The injected malware steals local credentials and various cloud and developer tokens, exfiltrating them via public GitHub repositories. The compromised packages were available for 2-4 hours before being unpublished and replaced with clean versions. The attack is linked to the TeamPCP threat actor and exploited a compromised NPM token exposed via CircleCI. Organizations using SAP CAP, SAP Business Technology Platform workflows, or MTA-based deployment pipelines should verify if they installed the affected package versions during the exposure window.
AI Analysis (machine-generated threat intelligence)
Technical Summary
The Mini Shai-Hulud supply chain attack injected malicious preinstall hooks into four SAP NPM packages (mbt 1.2.48, @cap-js/db-service 2.10.1, @cap-js/postgres 2.2.2, and @cap-js/sqlite 2.2.2) used in SAP's Cloud Application Programming ecosystem. Because npm runs the preinstall hook automatically during `npm install`, the payload executed on every machine or CI runner that installed one of these versions. The hook downloaded a Bun binary from a GitHub repository and ran the malware under it, which harvested local credentials and cloud secrets, including AWS, Azure, GCP, GitHub Actions and Kubernetes tokens, among others. The stolen data was exfiltrated by committing it to public GitHub repositories tagged with a distinctive marker string. The malware also propagated by modifying package tarballs and publishing them with stolen GitHub Actions tokens. The attack likely originated from a compromised NPM token exposed through CircleCI pull request builds. The malicious versions were live for a short window (two to four hours) before being unpublished and replaced with clean versions. The incident is attributed to the TeamPCP group on the basis of cryptographic evidence.
Potential Impact
The attack compromises developer environments and build pipelines by injecting malicious code into widely used SAP NPM packages, exposing any credentials and cloud secrets present on the installing host. That can lead to unauthorized access to cloud resources, source code repositories, and deployment workflows. The short exposure window limited the spread, but organizations that installed the affected SAP CAP packages during that time risked credential theft and supply chain compromise. Because the malware republishes modified tarballs using stolen GitHub Actions tokens, a single infected maintainer workstation or CI runner could seed further malicious package versions and extend the compromise across a development ecosystem.
Mitigation Recommendations
The malicious package versions were unpublished within hours and replaced with clean releases, so a fresh install today will not pull them; the exposure is confined to whoever installed during the window. Check package-lock.json, yarn.lock or pnpm-lock.yaml and CI install logs for mbt 1.2.48, @cap-js/db-service 2.10.1, @cap-js/postgres 2.2.2 or @cap-js/sqlite 2.2.2, and audit every host or runner that installed one. Because the preinstall hook executes at install time, updating the package does not undo the damage: treat each developer machine and CI runner that ran a malicious version as compromised, rotate the credentials it could reach (cloud provider keys, GitHub and npm tokens, GitHub Actions secrets, kubeconfigs), and look for unexpected public repositories under the GitHub accounts and organizations those tokens could write to, since that is the exfiltration channel. Audit build and deployment pipelines, especially those involving CircleCI and GitHub Actions, for unauthorized modifications or token exposure, and consider installing with `npm ci --ignore-scripts` in CI where dependencies do not need lifecycle hooks. Follow vendor advisories and security bulletins from SAP and the researchers who reported the incident for further updates.
Technical Details
Article source: https://www.securityweek.com/sap-npm-packages-targeted-in-supply-chain-attack/ (fetched 2026-04-30T14:36:22.905Z, 1080 words)
Threat ID: 69f368e6cbff5d8610edbc8c
Added to database: 4/30/2026, 2:36:22 PM
Last enriched: 4/30/2026, 2:36:42 PM
Last updated: 4/30/2026, 3:40:20 PM