SnykSec for Snyk

Originally published at snyk.io

Embedded Malicious Code in tinycolor and ngx-bootstrap releases on npm

This is an ongoing incident and updates will be provided as more information is confirmed.

Update (Sep 16, 2025)

The Snyk security team is aware of this ongoing supply chain attack and is actively investigating, analyzing, and curating threats and risks resulting from this extended npm compromised packages attack. We recommend you refer to the Snyk product findings as an up-to-date resource.

TL;DR (Sep 15, 2025)

On September 15, 2025, multiple malicious versions of the **ngx-bootstrap** and **ng2-file-upload** npm packages were published and then quickly pulled. Those releases embedded a **postinstall** script (**bundle.js**) that attempted to harvest developer tokens (e.g., npm, GitHub, cloud credentials) and exfiltrate secrets. Treat any system that installed these versions as fully compromised: remove the package, rotate all secrets from a separate, trusted machine, and investigate for lateral movement. GitHub has posted a malware advisory for ngx-bootstrap and ng2-file-upload; no patched version exists for the tampered builds because they were removed.

Since the initial ngx-bootstrap findings, malware signals have also extended to the @ctrl/tinycolor npm package, which is downloaded more than 2 million times a week, and to further npm packages under the @ctrl and @nativescript-community namespaces, as well as other individual packages.

What is **ngx-bootstrap** and why this matters

ngx-bootstrap is a popular Angular component library that wraps Bootstrap UI components for Angular apps. It’s widely used in front-end projects, CI builds, and developer workstations, meaning a malicious install script can run during routine npm install, with access to developer machines and local credentials. The official repo is maintained by Valor Software.

What we know so far

Affected packages likely number in the hundreds

The attack has advanced further to compromise packages beyond ngx-bootstrap and @ctrl/tinycolor, and now includes additional organization namespaces, such as packages belonging to the cybersecurity company CrowdStrike under the npm namespace @crowdstrike, and others.

The following is not meant to be an exhaustive list but rather a reference. We always advise you to refer to the Snyk product, scan results, and reporting for an up-to-date and comprehensive list of all malicious packages and versions.

Broader affected packages include:

```text
@ctrl/deluge                                     =7.2.1,=7.2.2
@ctrl/magnet-link                                =4.0.3,=4.0.4
@nativescript-community/ui-material-bottomsheet  =7.2.72
@nativescript-community/ui-pulltorefresh         =2.5.4,=2.5.5,=2.5.6,=2.5.7
@nativescript-community/sqlite                   =3.5.2,=3.5.3,=3.5.4,=3.5.5
@nativescript-community/ui-material-tabs         =7.2.72,=7.2.73,=7.2.74,=7.2.75
ngx-trend                                        =8.0.1
react-jsonschema-form-conditionals               =0.3.21
rxnt-healthchecks-nestjs                         =1.0.5
@crowdstrike/commitlint                          =8.1.1,=8.1.2
@crowdstrike/foundry-js                          =0.19.1,=0.19.2
@crowdstrike/logscale-file-editor                =1.205.1,=1.205.2
@crowdstrike/logscale-search                     =1.205.1,=1.205.2
@nativescript-community/perms                    =3.0.5,=3.0.6,=3.0.7,=3.0.8,=3.0.9
encounter-playground                             =0.0.5
json-rules-engine-simplified                     =0.2.4
koa2-swagger-ui                                  =5.11.1,=5.11.2
@nativescript-community/sentry                   =4.6.43
@nativescript-community/ui-collectionview        =6.0.6
@nativescript-community/text                     =1.6.9,=1.6.10,=1.6.11,=1.6.12,=1.6.13
@nativescript-community/arraybuffers             =1.1.6,=1.1.7,=1.1.8
@nativescript-community/ui-pager                 =14.1.35,=14.1.36,=14.1.37,=14.1.38
@nativescript-community/ui-drawer                =0.1.30
@nativescript-community/typeorm                  =0.2.30,=0.2.31,=0.2.32,=0.2.33
@nativescript-community/ui-image                 =4.5.6
@nativescript-community/ui-material-core         =7.2.72,=7.2.73,=7.2.74,=7.2.75,=7.2.76
@nativescript-community/ui-material-core-tabs    =7.2.72,=7.2.73,=7.2.74,=7.2.75,=7.2.76
ngx-color                                        =10.0.1,=10.0.2
ngx-toastr                                       =19.0.1,=19.0.2
react-complaint-image                            =0.0.35
react-jsonschema-form-extras                     =1.0.4
rxnt-authentication                              =0.0.6
rxnt-kue                                         =1.0.7
swc-plugin-component-annotate                    =1.9.1,=1.9.2
ts-gaussian                                      =3.0.5,=3.0.6
@crowdstrike/falcon-shoelace                     =0.4.1,=0.4.2
@crowdstrike/glide-core                          =0.34.2,=0.34.3
@crowdstrike/logscale-dashboard                  =1.205.1,=1.205.2
@crowdstrike/logscale-parser-edit                =1.205.1,=1.205.2
@crowdstrike/tailwind-toucan-base                =5.0.1,=5.0.2
@ctrl/torrent-file                               =4.1.1,=4.1.2
@ctrl/transmission                               =7.3.1
@ctrl/ngx-emoji-mart                             =9.2.1,=9.2.2
@ctrl/qbittorrent                                =9.7.1,=9.7.2
@ctrl/ts-base32                                  =4.0.1,=4.0.2
@ctrl/ngx-codemirror                             =7.0.1,=7.0.2
@ctrl/shared-torrent                             =6.3.1,=6.3.2
@ctrl/ngx-rightclick                             =4.0.1,=4.0.2
@ctrl/golang-template                            =1.4.2,=1.4.3
```

Affected ngx-bootstrap package and versions

Community reports documented that the following **ngx-bootstrap** versions contained the malicious postinstall hook invoking **bundle.js**:

  • 20.0.4, 20.0.5, 20.0.6
  • 19.0.3
  • 18.1.4

Additionally, 20.0.3 reportedly contained bundle.js but without a postinstall declaration. The same report notes the affected versions were removed from npm shortly after discovery.

Note: At the time of writing, the npm package page shows only current, non-impacted versions; the malicious ones were unpublished.

Community reports also flagged **ng2-file-upload** as “looking affected,” but details are thinner; keep an eye on dependency trees that include Valor Software packages and validate installed versions.

Timeline (UTC)

  • 2025-09-15 — Community report opens on valor-software/ngx-bootstrap identifying malicious postinstall/bundle.js in new versions; notes token exfiltration attempts and that affected versions were pulled from npm.
  • 2025-09-15 — GitHub Advisory Database posts GHSA-6m4g-vm7c-f8w6 for ngx-bootstrap (“Malware”), with guidance to treat installing hosts as compromised.

(We will update as new, verifiable facts emerge from maintainers/registries.)

Impact assessment

  • Who’s affected? Developers, CI agents, and endpoints that installed one of the listed versions, or pulled them via transitive deps during the window they were available.
  • What could be exposed? Developer environment secrets and tokens (npm, GitHub), and potentially cloud credentials (AWS/GCP/etc.) based on the behavior described in bundle.js.
  • Additionally, one indicator of compromise (IoC) is a new GitHub Actions workflow named shai-hulud, created by the malware in repositories it can reach.
  • Severity: Critical (malicious code execution at install time; credential theft/exfiltration). GitHub’s advisory explicitly instructs a full compromise response.

How to detect zero-day npm malware with Snyk

Snyk features a Zero-Day report as part of the dashboard in the Snyk app. If you're on an Enterprise plan, you can use this view to filter the report by the zero-day entry for this npm malware attack, or by specific CVEs you wish to track, and get a system-wide view of the impact of tinycolor, ngx-bootstrap, or other dependencies across your applications and monitored code repositories.

Detection & triage playbook

  1. Identify exposure quickly
     * Check whether your environment pulled impacted versions:
       + `npm ls ngx-bootstrap` (per project)
       + Review lockfiles (`package-lock.json`, `pnpm-lock.yaml`, `yarn.lock`) for `ngx-bootstrap@18.1.4`, `19.0.3`, `20.0.4–20.0.6`, and note any installs performed on/after **2025-09-15**.
     * Inspect `node_modules/ngx-bootstrap/package.json` for a `postinstall` entry, and look for a `bundle.js` file in the package root if you maintain vendor archives/caches.
  2. Halt script execution during incident response
     * Reinstall with scripts disabled to prevent any remaining lifecycle hooks from running:
       + `npm ci --ignore-scripts` or `npm install --ignore-scripts`
       + You can also set `ignore-scripts=true` in `.npmrc`
  3. Forensic checks
     * Review **outbound connections** from build agents/developer hosts during the install-time windows.
     * Audit **GitHub** (access token lists, recent security logs), **npm** tokens, and **cloud provider** credential usage for anomalies. Audit GitHub Actions workflows as well.
     * Treat any host that ran an impacted version install as compromised, per GitHub Advisory guidance.
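As an added example (not Snyk's code, and not code from any of the affected projects), the following Node.js script performs the three playbook checks above against constructed sample data: it walks a parsed `package-lock.json` (v1 or v2/v3 layout) for a subset of the affected versions listed in this post, looks for install-time hooks in a `package.json` whose command references `bundle.js`, and flags any workflow file whose name matches the shai-hulud IoC. The sample lockfile, package.json and workflow paths are constructed; the `7.1.0` deluge entry is a placeholder for an unaffected version, and `AFFECTED` is only a subset of the table above.

```javascript
// Added example (not Snyk's or the affected projects' code): a triage helper for
// the three checks in the detection playbook. AFFECTED is a subset of the
// versions listed in this post; extend it from the full table.
const AFFECTED = {
  "ngx-bootstrap": ["18.1.4", "19.0.3", "20.0.4", "20.0.5", "20.0.6"],
  "ngx-toastr": ["19.0.1", "19.0.2"],
  "ngx-color": ["10.0.1", "10.0.2"],
  "@ctrl/deluge": ["7.2.1", "7.2.2"],
  "@ctrl/ngx-codemirror": ["7.0.1", "7.0.2"],
  "@crowdstrike/foundry-js": ["0.19.1", "0.19.2"],
};

// Package name from a lockfile v2/v3 key, e.g.
// "node_modules/some-lib/node_modules/@ctrl/deluge" -> "@ctrl/deluge".
function nameFromLockKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Walk a parsed package-lock.json (v1 "dependencies" tree or v2/v3 "packages"
// map) and return every installed package/version pair that is on the list.
function findAffectedInLockfile(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if ((AFFECTED[name] || []).includes(version)) hits.push({ name, version, where });
  };
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // root project entry, not a dependency
    check(nameFromLockKey(key), entry.version, key);
  }
  const walkV1 = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      check(name, entry.version, prefix + name);
      walkV1(entry.dependencies, prefix + name + " > ");
    }
  };
  if (!lock.packages) walkV1(lock.dependencies, ""); // v1 layout only
  return hits;
}

// Install-time lifecycle hooks in a package.json whose command mentions bundle.js.
const HOOKS = ["preinstall", "install", "postinstall"];
function findSuspiciousInstallHook(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  for (const hook of HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd === "string" && /bundle\.js/.test(cmd)) return { hook, command: cmd };
  }
  return null;
}

// Workflow files whose basename matches the shai-hulud IoC named in the post.
function findSuspiciousWorkflows(workflowPaths) {
  return workflowPaths.filter((p) => /shai-hulud/i.test(p.split("/").pop()));
}

// Combine the three checks into one triage verdict.
function triage(lock, pkg, workflowPaths) {
  const affected = findAffectedInLockfile(lock);
  const hook = findSuspiciousInstallHook(pkg);
  const workflows = findSuspiciousWorkflows(workflowPaths);
  return {
    affected,
    hook,
    workflows,
    compromised: affected.length > 0 || hook !== null || workflows.length > 0,
  };
}

// Constructed sample inputs (not real captures).
const SAMPLE_LOCKFILE = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/ngx-bootstrap": { version: "20.0.5" },
    "node_modules/@ctrl/deluge": { version: "7.1.0" }, // placeholder, not a flagged version
    "node_modules/some-lib/node_modules/ngx-toastr": { version: "19.0.2" },
  },
};
const SAMPLE_PACKAGE_JSON = {
  name: "ngx-bootstrap",
  version: "20.0.5",
  scripts: { postinstall: "node bundle.js" }, // constructed to mirror the hook described above
};
const SAMPLE_WORKFLOWS = [".github/workflows/ci.yml", ".github/workflows/shai-hulud.yml"];

console.log(JSON.stringify(triage(SAMPLE_LOCKFILE, SAMPLE_PACKAGE_JSON, SAMPLE_WORKFLOWS), null, 2));
```

To use it on a real checkout, replace the sample objects with `JSON.parse(fs.readFileSync(...))` of your own lockfile and of `node_modules/<package>/package.json`, and pass a directory listing of `.github/workflows`. A `compromised: true` verdict is the trigger for the containment steps that follow; a `false` verdict is not proof of a clean system, since pnpm/yarn lockfiles and packages not in `AFFECTED` are outside what this script inspects.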

Immediate containment & remediation

  1. Remove impacted versions
     * Delete `node_modules` and lockfiles referencing malicious versions; **reinstall** pinned, known-good versions.
     * Clear any private registries/caches/artifacts that might still hold the bad tarballs.
  2. Rotate secrets from a clean machine
     * **GitHub:** revoke personal access tokens/SSH keys; rotate fine-grained tokens; review OAuth app/device authorizations.
     * **npm:** revoke registry tokens.
     * **Clouds (AWS/GCP/etc.):** rotate access keys/service account keys and invalidate any long-lived credentials.
  3. Rebuild/redeploy
     * After rotation, rebuild from clean environments with lifecycle scripts disabled initially, then re-enable as needed.
  4. User/tenant communications
     * If you distribute software built during the window, notify downstreams and advise upgrades/rebuilds.

On supply chain security attacks

This comes along with a few other recent security incidents of this nature. We’ve seen CI and maintainer-account attacks allowing release hijacks before:
