The npm Threat Landscape: Attack Surface and Mitigations (Updated May 20)

Wednesday, May 20, 2026 at 07:30 PM UTC·Source: Unit 42 (Palo Alto)

Updated: Wednesday, May 20, 2026 at 08:00 PM UTC

Executive Summary

Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 20) appeared first on Unit 42 .

Analysis

Source Attribution

Originally published by Unit 42 (Palo Alto) on May 20, 2026.

Related Threats

LOWSupply Chain

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of the incident first emerged on May 19, when GitHub said it was investigating “unauthorized access.” Hours later, the company’s X account confirmed the worst: “Yesterday we detected and contained a compr

4h agoCSO Online

MEDIUMSupply Chain

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date

5h agoInfosecurity Magazine

MEDIUMSupply Chain

GitHub says internal repositories were taken in poisoned VS Code extension attack

GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the […] The

5h agoCyberScoop