threat-wire

Supply Chain Worm Spreads From npm Into the Go Ecosystem

The Shai-Hulud supply chain attack, also tracked as Miasma, has hit a fresh batch of npm packages and crossed into the Go ecosystem for the first time. It steals developer credentials and CI/CD secrets, then uses them to poison more packages automatically. Any business that builds software on npm or Go should check its pipelines.

By SecureBusinessHub Editorial, International cybersecurity desk — 2026-06-28 · 5 min read

The supply chain worm known as Shai-Hulud, and tracked by some vendors as Miasma, is still moving. Researchers at Socket flagged a fresh wave this week that poisoned npm packages from LeoPlatform and RStreams, abused GitHub Actions, and for the first time reached into the Go ecosystem through the Verana Blockchain project. The packages affected are tied to cloud and serverless workloads, the kind a small team pulls in without a second thought.

The goal has not changed: steal developer and maintainer credentials, then use them to push trojanised package versions and spread further. One npm maintainer account tied to LeoPlatform was breached, likely through leaked credentials, and the attacker pushed poisoned versions inside a six-second window.

What the malware does on a build machine

The npm packages skip the usual lifecycle hook and instead use a binding.gyp file to run code during installation. That launches a loader, installs the Bun runtime if it is missing, and starts a stealer that scrapes secrets, credentials, and tokens from the machine. Before it runs, the malware checks the system locale and quietly stops on Russian-language machines, and it looks for endpoint security software, both common tells of a crew trying to avoid certain targets and certain defences.

It also drops a GitHub Actions workflow named 'Run Copilot' to lift CI/CD secrets straight from runner memory, then uploads the haul to a public GitHub repository. As of writing, 559 repositories carry the attacker's tell-tale description, 'Alright Lets See If This Works'.

A separate strand hit the codfish/semantic-release-action GitHub Action. On 24 June the attacker force-pushed a malicious commit and repointed version tags at it. Any workflow that ran against those tags afterwards executed the payload, which steals GitHub OIDC tokens and personal access tokens, then tries to back-door other repositories the stolen credentials can reach.

The Go twist works differently. There is no install hook. The risk is opening the cloned repository in an IDE or AI coding assistant, where the project configuration triggers the payload. Same campaign, new doorway.

• Search your dependency tree for affected LeoPlatform and RStreams npm packages, and treat any version bumped in the last few days as suspect until you confirm it.
• Audit GitHub Actions for a workflow named 'Run Copilot' that you did not add, and for tags on third-party actions that were repointed after 24 June.
• Rotate any npm tokens, GitHub OIDC and personal access tokens, and AWS keys that a compromised runner could have touched.
• Pin third-party GitHub Actions to a full commit SHA rather than a moving tag, so a repointed tag cannot pull in new code.

The researchers at JFrog put the danger plainly: the Leo and RStreams set is tied to cloud-native and serverless workloads, so a single compromise can expose developer laptops, build systems, AWS-backed applications, repositories, and every team downstream that installs the poisoned package.

Microsoft, AWS, and the large vendors can absorb this. The businesses that get hurt are small teams who pull a popular npm or Go package into a product and never look at what their build runner can reach. The payload is not exotic. The reach is the problem.

• Socket: Miasma hits LeoPlatform npm packages and the Go ecosystem
• StepSecurity: codfish/semantic-release-action compromise
• The Hacker News: Miasma malware targets npm and GitHub Actions