Why npm Keeps Getting Compromised: A Deep Dive into the Latest node‑ipc Supply‑Chain Attack

On May 14, 2026 three malicious versions of the node‑ipc package were published to npm, injecting obfuscated payloads that steal cloud credentials, SSH keys, AI tool configurations and other sensitive files, and the article analyses the attack stages, historical repeats, npm's structural flaws, and concrete blue‑team mitigation steps.

Black & White Path
On May 14, 2026 three malicious versions of the node‑ipc package were released on npm, aiming to steal developers' cloud credentials, SSH keys, and AI‑tool configurations. The incident illustrates a recurring supply‑chain risk in the npm ecosystem.

Incident Recap: How a Timed Bomb Was Triggered

Event Timeline

The attacker account atiertant (email [email protected]) published three malicious versions simultaneously:

node‑[email protected] – a fabricated version number; the 9.x branch has no CommonJS build.

node‑[email protected] – same note as 9.1.6.

node‑[email protected] – high‑precision attack targeting specific victims.

The package receives about 822,000 downloads per week and has over 10,000,000 cumulative downloads. Installing it without a pinned version (npm install node-ipc) loads the malicious code automatically on require('node-ipc'), with no trigger conditions.

Malicious Payload Analysis

The payload is an 80,079‑byte obfuscated IIFE appended to node‑ipc.cjs (line 1271). Its execution flow consists of four stages:

Stage 1: Configuration Decoding

// Custom Base‑16 encoded C2 configuration
// Decodes to:
 r: 'sh.azurestaticprovider.net:443', // C2 address (masquerading as Azure)
 k: 'qZ8pL3vNxR9wKmTyHbVcFgDsJaEoUi', // HMAC key
 z: 'bt.node.js', // request identifier

Stage 2: Targeted Fingerprint (12.0.1 only)

Version 12.0.1 includes a SHA‑256 fingerprint check that compares the hash of the current module path. Only systems whose path hash matches the pre‑set value execute the full payload; other systems exit silently.

Stage 3: Credential Theft

The payload attempts to exfiltrate more than 90 types of sensitive data, including:

Cloud credentials: ~/.aws/credentials, ~/.azure/accessTokens.json, ~/.config/gcloud/credentials.db

SSH keys: ~/.ssh/id_rsa, ~/.ssh/id_ed25519, /etc/ssh/ssh_host_*_key

AI tool configs: ~/.claude.json, ~/.claude/mcp.json, .kiro/settings/mcp.json

Infrastructure-as-code: ~/.terraform.d/credentials.tfrc.json, **/terraform.tfvars

CI/CD workflows: **/.github/workflows/*.yml, **/.gitlab-ci.yml

Shell history: ~/.bash_history, ~/.zsh_history

Stage 4: Dual-Channel Data Exfiltration

HTTPS exfiltration – compresses data with gzip and POSTs to sh.azurestaticprovider.net.

DNS TXT exfiltration – encodes data in DNS queries to bypass enterprise DNS monitoring.

Historical Re‑enactment: Why npm Says It "Cannot Prevent"

This Is Not the First Time

In March 2022, versions 10.1.1 and 10.1.2 of node‑ipc delivered the peacenotwar payload, creating a USE_PEACE_NOT_WAR folder in users' home directories and deleting system files under certain conditions.

Structural Defects of npm

Three core problems make npm uniquely vulnerable:

Problem 1: Default execution of arbitrary code – npm runs preinstall, install, and postinstall scripts on npm install, granting any downloaded package full execution rights under the current user.

Problem 2: Long‑inactive maintainer accounts – The original author stopped maintaining node‑ipc after publishing 12.0.0 on 2024‑08‑12; 21 months later the attacker gained maintainer rights and pushed the malicious releases. Orphan packages with high download counts become hunting grounds.

Problem 3: No review period for version publishing – Publishing three versions covering different semver ranges simultaneously faced no blocking mechanism; the releases were stopped only after a security researcher manually reported them.

Compared with ecosystems such as Go or Rust, which have stricter standard libraries and build toolchains, npm’s deep dependency trees increase both the frequency and impact of supply‑chain attacks.

Blue‑Team Perspective: What We Can Do

Immediate Investigation

Run the following commands if your project uses node‑ipc:

# Check direct dependency version
npm ls node-ipc

# Search lockfile for affected versions (the "version" field sits on the line
# after the package key, so grab a few lines of context before matching it)
grep -A 3 'node-ipc"' package-lock.json | grep -E '"version": "(9\.1\.6|9\.2\.3|12\.0\.1)"'

# List all transitive dependencies
npm list node-ipc --all
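The grep above only catches one lockfile layout. The following scanner, an added example and not part of the original article, walks both lockfileVersion 1 (nested "dependencies") and lockfileVersion 2/3 (flat "packages") and reports every install of node-ipc at one of the three versions named above, including copies nested under other dependencies; the "some-lib" dependency in the sample lockfile is constructed for illustration.

```python
import json
from typing import Iterator, List, Tuple

AFFECTED_VERSIONS = {"9.1.6", "9.2.3", "12.0.1"}  # versions the article names as malicious
PACKAGE = "node-ipc"


def iter_lock_entries(lock: dict) -> Iterator[Tuple[str, str, str]]:
    """Yield (name, version, location) for every package in a package-lock.json.

    lockfileVersion 2/3 list packages flat under "packages", keyed by path;
    lockfileVersion 1 (and 2, for compatibility) nest them under "dependencies".
    """
    for path, meta in lock.get("packages", {}).items():
        if path:  # "" is the root project itself, not a dependency
            yield path.rsplit("node_modules/", 1)[-1], meta.get("version", ""), path

    def walk(deps: dict, prefix: str):
        for name, meta in deps.items():
            loc = f"{prefix}node_modules/{name}"
            yield name, meta.get("version", ""), loc
            yield from walk(meta.get("dependencies", {}), loc + "/")

    yield from walk(lock.get("dependencies", {}), "")


def find_affected(lock: dict, package: str = PACKAGE, bad=AFFECTED_VERSIONS) -> List[Tuple[str, str]]:
    """Sorted (version, location) pairs for affected installs, transitive ones included."""
    return sorted({(v, loc) for name, v, loc in iter_lock_entries(lock)
                   if name == package and v in bad})


def scan_lockfile(path: str) -> List[Tuple[str, str]]:
    with open(path, encoding="utf-8") as fh:
        return find_affected(json.load(fh))


# Constructed lockfileVersion 3 sample: a hypothetical "some-lib" pulls in node-ipc@12.0.1
# transitively, while the top-level node-ipc is the last clean release.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"some-lib": "^1.0.0"}},
        "node_modules/some-lib": {"version": "1.0.0", "dependencies": {"node-ipc": "^12.0.0"}},
        "node_modules/some-lib/node_modules/node-ipc": {"version": "12.0.1"},
        "node_modules/node-ipc": {"version": "12.0.0"},
    },
}

if __name__ == "__main__":
    for version, location in find_affected(SAMPLE_LOCK):
        print(f"affected: node-ipc@{version} at {location}")
```

Point scan_lockfile at a real package-lock.json; an empty result means none of the three versions is pinned anywhere in the tree.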

If affected versions are found, assume credentials are compromised and take these actions:

Rotate all credentials used on the affected systems (AWS keys, SSH keys, GitHub tokens, etc.).

Inspect CI/CD logs for outbound network activity.

Check for temporary payload files in $TMPDIR/nt-*.

Look for the environment variable __ntw=1 indicating the daemon process.

Building Detection Rules

Example SIEM queries (Splunk SPL):

# Detect installation of affected versions
index=npm_logs event_type=install (version="9.1.6" OR version="9.2.3" OR version="12.0.1")
| stats count by host, user, version, timestamp

# Detect C2 domain access
index=network_logs dest_domain="sh.azurestaticprovider.net" OR dest_ip="37.16.75.69"
| stats count by src_ip, dest, timestamp

# Detect anomalous DNS exfiltration queries
index=dns_logs src_ip!=10.0.0.0/8 query="*.bt.node.js"
| stats count by src_ip, query, timestamp
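The same logic as the DNS and C2 queries above, run over resolver log lines so it can be tested outside a SIEM. This is an added example, not code from the original article; the log format and the high-entropy-label heuristic are assumptions, and the sample lines are constructed.

```python
import math
import re
from collections import Counter
from typing import List, Optional

C2_DOMAIN = "sh.azurestaticprovider.net"  # C2 host from the decoded configuration
EXFIL_SUFFIX = ".bt.node.js"              # request identifier 'z' from the decoded configuration

# Assumed (constructed) resolver log format: "<timestamp> <client_ip> <qtype> <qname>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(A|AAAA|TXT|CNAME|MX)\s+(\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking encoded labels score noticeably higher than words."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def classify(line: str) -> Optional[dict]:
    """Return a finding for a suspicious DNS log line, or None for benign traffic."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    qname = qname.rstrip(".").lower()
    reasons: List[str] = []
    if qname == C2_DOMAIN or qname.endswith("." + C2_DOMAIN):
        reasons.append("c2-domain")
    if qname.endswith(EXFIL_SUFFIX):
        reasons.append("exfil-identifier")
    # Heuristic (assumption, not from the article): a long, high-entropy leftmost label
    # in a TXT query looks like encoded data rather than a hostname.
    label = qname.split(".")[0]
    if qtype == "TXT" and len(label) >= 30 and shannon_entropy(label) > 3.5:
        reasons.append("encoded-label")
    return {"ts": ts, "client": client, "qtype": qtype, "qname": qname, "reasons": reasons} if reasons else None


def detect(lines) -> List[dict]:
    return [f for f in map(classify, lines) if f]


# Constructed sample log lines; the two suspicious ones imitate the traffic the article describes.
SAMPLE_LOGS = [
    "2026-05-15T09:12:01Z 10.20.30.40 A www.example.com",
    "2026-05-15T09:12:03Z 10.20.30.40 A sh.azurestaticprovider.net",
    "2026-05-15T09:12:05Z 10.20.30.40 TXT a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.bt.node.js",
    "2026-05-15T09:12:07Z 10.20.30.41 TXT _dmarc.example.com",
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOGS):
        print(finding["ts"], finding["client"], finding["qname"], ",".join(finding["reasons"]))
```

The entropy threshold is a starting point to tune against your own resolver baseline; the two exact-match rules need no tuning.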

Long‑Term Defense Strategy

Defense in depth across three layers:

Build‑time

Run npm config set ignore-scripts true to block automatic script execution.

Prefer npm ci over npm install to enforce lockfile fidelity.

Deploy a private npm registry (e.g., Verdaccio) with mandatory security reviews.

Use package analysis tools such as Socket.dev or Snyk before installation.

Runtime

Restrict outbound network traffic from CI/CD environments to only required endpoints.

Enable EDR monitoring for npm install activity on developer workstations.

Run builds inside isolated containers.

Operations

Establish npm package monitoring to track health of dependencies.

Flag high‑risk packages (unmaintained, high download count, suspicious scope).

Integrate supply‑chain security into vulnerability response processes with dedicated incident channels.

Conclusion

Each npm supply‑chain incident is followed by statements that the issue is "unpreventable," yet the community quickly resumes npm install, trusting deep dependency trees. The recurring nature of these attacks highlights the need for a serious discussion of npm’s structural security problems.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
