SAP npm Packages Compromised in Sophisticated Supply Chain Attack
Key Takeaways
- Four SAP npm packages with 1.2M+ monthly installs were compromised with malicious preinstall hooks that execute before package installation
- The attack steals developer credentials and uses stolen GitHub Actions tokens to establish persistent, self-replicating CI/CD footholds in victims' repositories
- Attackers injected two new files into legitimate version bumps: setup.mjs (Bun runtime dropper) and execution.js (11MB obfuscated credential stealer)
Summary
On April 29, 2026, attackers compromised four SAP npm packages—@cap-js/db-service, @cap-js/sqlite, @cap-js/postgres, and mbt (Cloud MTA Build Tool)—by injecting malicious preinstall hooks containing credential-stealing payloads. The packages, which together receive over 1.2 million monthly installs and are core to SAP's ecosystem, were poisoned with code that downloads a Bun runtime and executes an 11MB obfuscated credential extraction script. Over 1,000 repositories were compromised within hours of the attack.
The attack operates in two stages: first, a setup script downloads Bun v1.3.13 from GitHub and executes code that steals GitHub OAuth tokens, npm automation tokens, AWS access keys, and Azure/GCP credentials from developers' machines. Second, in GitHub Actions environments, the attacker leverages stolen workflow-scoped tokens to commit malicious files directly to victims' own repositories, including a VS Code tasks.json that re-triggers the attack on every repository open, establishing a persistent CI/CD foothold.
The compromise of multiple maintainer accounts (cap-npm and sap_extncrepos for @cap-js packages; shimit and cloudmtabot for mbt) indicates account-level breach of SAP's npm publisher credentials. The attacker left a distinctive marker—"A Mini Shai-Hulud has Appeared"—committed to every poisoned repository, enabling tracking across GitHub.
- Over 1,000 repositories were poisoned within three hours, affecting enterprises running SAP packages in production CI/CD pipelines
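A defender-side check for the two mechanisms the summary describes: lifecycle hooks in installed packages (the preinstall stage) and a VS Code tasks.json that re-runs on every folder open (the persistence stage). This is an added example, not SAP's or npm's code; the file names setup.mjs and execution.js come from the advisory, the Bun-download regex and the sample manifests are constructed assumptions, and the `runOptions.runOn: "folderOpen"` key is VS Code's standard auto-run setting.

```python
"""Scan an npm project for install-time hooks like the ones in this advisory, and for
VS Code tasks set to auto-run on folder open. Added example, not SAP or npm code;
the sample manifests below are constructed."""
import json
import os
import re

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
ADVISORY_FILES = ("setup.mjs", "execution.js")  # file names named in the advisory
# Regexes: the two file names above, plus an assumed pattern for a Bun download URL.
INDICATORS = [re.compile(p, re.I) for p in (r"setup\.mjs", r"execution\.js", r"oven-sh/bun|bun\.sh")]

def audit_manifest(manifest: dict) -> list[str]:
    """Report each lifecycle hook in a package.json dict, plus any hook matching an indicator."""
    name = manifest.get("name", "<unnamed>")
    findings = []
    for hook in LIFECYCLE_HOOKS:
        cmd = (manifest.get("scripts") or {}).get(hook)
        if cmd is None:
            continue
        findings.append(f"{name}: declares {hook} hook {cmd!r}")
        findings += [f"{name}: {hook} hook matches {p.pattern!r}" for p in INDICATORS if p.search(cmd)]
    return findings

def audit_vscode_tasks(tasks: dict) -> list[str]:
    """Flag tasks.json entries with runOptions.runOn == "folderOpen", VS Code's run-on-open setting."""
    return [f"tasks.json: {t.get('label', '?')!r} auto-runs on open: {t.get('command')!r}"
            for t in tasks.get("tasks") or []
            if (t.get("runOptions") or {}).get("runOn") == "folderOpen"]

def audit_tree(root: str) -> list[str]:
    """Walk root: check every node_modules package.json and shipped files, and .vscode/tasks.json."""
    findings = []
    for dirpath, _, files in os.walk(root):
        if "package.json" in files and "node_modules" in dirpath.split(os.sep):
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                findings += audit_manifest(json.load(fh))
            findings += [f"{dirpath}: ships {f}" for f in ADVISORY_FILES if f in files]
        if os.path.basename(dirpath) == ".vscode" and "tasks.json" in files:
            with open(os.path.join(dirpath, "tasks.json"), encoding="utf-8") as fh:
                findings += audit_vscode_tasks(json.load(fh))  # real tasks.json may contain JSONC comments
    return findings

# Constructed samples: a clean manifest, one mimicking the advisory's hook shape, and an auto-run task.
CLEAN = {"name": "plain-lib", "scripts": {"test": "node test.js"}}
POISONED = {"name": "@example/poisoned", "scripts": {"preinstall": "node setup.mjs"}}
AUTORUN = {"tasks": [{"label": "build", "command": "node execution.js",
                      "runOptions": {"runOn": "folderOpen"}}]}
```

Run `audit_tree(".")` from a checked-out repository root after `npm ci` to list every package that declares a lifecycle hook, then review each hook rather than only the indicator matches, since a future variant will use different file names.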
Editorial Opinion
This supply chain attack exploits a fundamental vulnerability in npm's preinstall hook system—code executed before any package verification or sandboxing. The attackers' ability to use stolen GitHub Actions tokens to create persistent, self-replicating CI/CD compromises across victims' own repositories represents a new level of supply chain sophistication. The impact on SAP's enterprise customer base underscores the urgent need for npm ecosystem hardening, including mandatory package signature verification, preinstall hook sandboxing, and immediate credential rotation for all affected organizations.