←back to thread

Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised

(socket.dev)

1208 points jamesberthoty | 1 comments | 16 Sep 25 11:22 UTC | HN request time: 0.203s | source

A lot of blogs on this are AI generated and such as this is developing, so just linking to a bunch of resources out there:

Socket:

- Sep 15 (First post on breach): https://socket.dev/blog/tinycolor-supply-chain-attack-affect...

- Sep 16: https://socket.dev/blog/ongoing-supply-chain-attack-targets-...

StepSecurity – https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-p...

Aikido - https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-...

Ox - https://www.ox.security/blog/npm-2-0-hack-40-npm-packages-hi...

Safety - https://www.getsafety.com/blog-posts/shai-hulud-npm-attack

Phoenix - https://phoenix.security/npm-tinycolor-compromise/

Semgrep - https://semgrep.dev/blog/2025/security-advisory-npm-packages...

Show context

g42gregory ◴[16 Sep 25 17:55 UTC] No.45265531[source]▶

>>45260741 (OP) #

Are Python packaging systems like pip exposed to the same risks?

Is anybody looking at this?

replies(3): >>45265655 #>>45265941 #>>45268254 #

1. cpburns2009 ◴[16 Sep 25 21:23 UTC] No.45268254[source]▶

As much as I prefer Python over JavaScript, Python is vulnerable to this sort of attack. All it would take is a compromised update publishing only a source package, and hooking into any of setuptools's build or install steps. Pip's build isolation is only intended for reproducible builds. It's not intended to protect against malicious code.

PyPI's attestations do nothing to prevent this either. A package built from a compromised repository will be happily attested with malicious code. To my knowledge wheels are not required.