While the below email only mentions OpenSearch, hundreds of packages across
NPM & PyPi were affected in the last two days, see:
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack

-------- Forwarded Message --------
Subject: [siren] [Security Advisory] Severity: CRITICAL - Malicious Compromise 
of OpenSearch Pre-Release npm Packages
Date: Tue, 12 May 2026 14:46:33 -0700
From: Christopher Robinson via lists.openssf-vuln.org 
<[email protected]>
Reply-To: [email protected], [email protected]
To: [email protected]

Title: Malicious Compromise of OpenSearch Pre-Release npm Packages
Date: 12 May 2026
Severity: Critical

## Overview
On May 11, the [OpenSearch Project](https://opensearch.org/) Node Package 
Manager (npm) publishing infrastructure was compromised as part of a broader 
npm supply chain attack campaign.  While the incident was limited to the 
JavaScript client repository, compromised credentials were used to publish 
inauthentic OpenSearch prerelease artifacts containing malicious packages.

The malicious packages were identified and removed from the npm repository as 
of 11:00 p.m. EDT on May 11, 2026.  At this time, the impacted versions are 
limited to the following prerelease packages:
- 3.5.3
- 3.6.2
- 3.7.0
- 3.8.0

Anyone who downloaded or installed these versions within the described 
window should immediately follow the remediation guidance in this advisory.

As an additional precautionary measure, the project has blocked all write 
permissions on the project repositories until all credentials are rotated. We 
estimate this process will be complete on May 13, 2026.  Based on currently 
available evidence, the activity appears consistent with tactics associated 
with the broader “Mini Shai-Hulud” supply chain campaign targeting npm 
ecosystem projects and CI/CD publishing infrastructure.

## Affected Versions
### OpenSearch Project

| Version | Published UTC | Published America/New_York |
|------|------------------------------|-------------------------------|
| 3.5.3 | 2026-05-12T00:47:39.185Z | May 11, 2026, 8:47:39 PM EDT |
| 3.6.2 | 2026-05-12T00:29:34.210Z | May 11, 2026, 8:29:34 PM EDT |
| 3.7.0 | 2026-05-12T00:42:29.686Z | May 11, 2026, 8:42:29 PM EDT |
| 3.8.0 | 2026-05-12T00:43:54.445Z | May 11, 2026, 8:43:54 PM EDT |

## Remediation
Any computer that installed or executed these package versions between
0000 UTC 12 May 2026 / 8:30 PM EDT 11 May 2026
and
0300 UTC 12 May 2026 / 11:00 PM EDT 11 May 2026 should be treated as 
potentially fully compromised pending forensic investigation.  All secrets and 
keys stored on that computer should be rotated immediately from an alternate 
system.  The affected packages should immediately be removed, but as full 
control of the computer may have been given to an outside entity, there is no 
guarantee that removing the package will remove all malicious software 
resulting from installing it.

## Immediate Recommended Actions
Because compromised publishing credentials were used to distribute malicious 
artifacts through legitimate package infrastructure, downstream consumers 
should treat these package versions as trusted-channel supply chain compromises 
rather than ordinary malicious downloads.
Organizations should review:
- CI/CD dependency caches
- Artifact repositories
- Build pipelines
- Developer workstations
- Container images
- Software bills of materials (SBOMs)
to identify whether affected versions were introduced into development or 
production environments.
Organizations and users should take the following actions immediately:
### 1. Isolate Potentially Affected Systems
- Disconnect affected systems from the network
- Prevent further communication with internal infrastructure and cloud services
- Preserve logs and forensic artifacts where possible

### 2. Rotate Credentials and Secrets
Immediately rotate from a separate trusted system:
- Cloud credentials
- CI/CD tokens
- npm authentication tokens
- GitHub/GitLab credentials
- SSH keys
- API keys
- Kubernetes secrets
- Signing keys and release credentials
Assume any credentials accessible from the compromised machine may have been 
exfiltrated.

### 3. Remove and Rebuild
- Remove the affected package versions immediately
- Rebuild systems from known-good sources where feasible
- Validate dependencies and lockfiles before redeployment
Because arbitrary code execution may have occurred, simply uninstalling the 
package may not fully remediate the compromise.

### 4. Review CI/CD and Repository Activity
Projects should immediately:
- Audit CI/CD workflows and automation credentials
- Review repository permissions and force-push access
- Inspect recent commits, tags, and release artifacts
- Review npm publication logs and maintainer activity
- Rotate signing and publishing credentials

### 5. Monitor for Secondary Compromise
Watch for:
- Unexpected outbound network connections
- New SSH authorized keys
- Unauthorized GitHub Actions workflow changes
- Suspicious npm publications
- Credential reuse attempts
- Persistence mechanisms or scheduled tasks

## Additional Recommendations for Maintainers
This incident highlights the growing trend of attackers targeting software 
supply chains through CI/CD systems and package publication workflows.

Projects are strongly encouraged to:
- Enforce least-privilege access to CI/CD systems
- Require MFA for package publishing
- Protect release branches and tags
- Eliminate unnecessary force-push permissions
- Use ephemeral build credentials where possible
- Monitor release pipelines for anomalous behavior
- Conduct regular audits of automation tokens and repository permissions
Projects aligned with the OpenSSF OSPS Baseline are materially better 
positioned to reduce the likelihood and impact of this class of attack through 
stronger controls around automation security, secrets management, code review, 
and release governance.

## References and Additional Information
- Snyk analysis of related npm ecosystem compromises [blog](https://snyk.io/blog/tanstack-npm-packages-compromised/)
- OpenSSF [OSPS Baseline](https://baseline.openssf.org/)
- OWASP npm security [best practices](https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html)
- [GHSA](https://github.com/opensearch-project/opensearch-js/security/advisories/GHSA-27f5-xjrr-q9ff)

The investigation remains ongoing. Additional indicators of compromise (IOCs), 
forensic details, and remediation guidance may be published as more information 
becomes available.  Please share this advisory broadly with downstream 
consumers, CI/CD administrators, security teams, and affected development 
communities.


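The advisory asks consumers to validate dependencies and lockfiles for the four affected versions. The following check is an added example, not part of the advisory or of OpenSearch project code. It assumes the package name `@opensearch-project/opensearch` (the advisory does not name the npm package), and the sample lockfile and the `search-helper` and `os-client` entries are constructed.

```javascript
// ASSUMPTION: the advisory does not name the npm package; this is the name
// assumed for the opensearch-js client. Adjust it if your dependency differs.
const PACKAGE = "@opensearch-project/opensearch";
// Affected versions exactly as listed in the advisory.
const AFFECTED = new Set(["3.5.3", "3.6.2", "3.7.0", "3.8.0"]);

// Returns [{ path, version }] for every affected install in a parsed package-lock.json.
function findAffected(lock, pkg = PACKAGE, bad = AFFECTED) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const marker = "node_modules/";
    const idx = path.lastIndexOf(marker);
    // "name" is set when the install path differs from the real name (npm aliases).
    const name = meta.name || (idx >= 0 ? path.slice(idx + marker.length) : "");
    if (name === pkg && bad.has(meta.version)) hits.push({ path, version: meta.version });
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists
  // so v2 lockfiles, which carry both sections, are not reported twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail ? `${trail} > ${name}` : name;
      if (name === pkg && bad.has(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: one clean direct install, one affected
// transitive install, and one affected install hidden behind an alias.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@opensearch-project/opensearch": { version: "3.5.1" },
    "node_modules/search-helper/node_modules/@opensearch-project/opensearch": { version: "3.7.0" },
    "node_modules/os-client": { name: "@opensearch-project/opensearch", version: "3.8.0" },
  },
};

for (const hit of findAffected(SAMPLE_LOCK)) {
  console.log(`AFFECTED ${PACKAGE}@${hit.version} at ${hit.path}`);
}
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findAffected`. A clean lockfile says nothing about dependency caches, container images or workstations, which the advisory lists separately.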