Breaking: AWS Security details Rapid Incident Response to npm Supply-Chain Attacks
Table of Contents
Around-the-clock incident response at AWS Security shielded customers and the global cloud from a wave of software supply-chain threats tied to third-party repositories. In a detailed account, the team explains how it countered the Nx package compromise, the Shai-Hulud worm, and a massive token-farming campaign detected by Amazon Inspector, marking one of the largest open-source package attacks to date.
Across several months,AWS Security says its disciplined,repeatable approach yielded faster detections,coordinated industry action,and tangible improvements to its defenses. The disclosures aim to help other organizations strengthen their own resilience under the Shared Obligation Model.
Nx compromise attempts rise with Generative AI tools
In late August 2025,unusual activity in Generative AI prompts prompted an immediate escalation. Within half an hour, a security incident command was activated and teams worldwide began coordinating a full investigation.
Investigators identified a JavaScript file, telemetry.js, embedded in a popular npm package called nx that had been compromised. The attackers sought to exfiltrate sensitive configuration files via GitHub, but failed to obtain valid access tokens, blocking data exposure. This finding helped shape the steps that followed for AWS and its customers.
Key actions during the response included:
- Producing a complete impact map that defined the incident’s scope and highlighted systems requiring verification.
- Blocking the compromised npm packages at the repository level to curb exposure.
- Deep-diving to uncover perhaps affected resources and uncover other attack vectors.
- Investigating and remediating affected hosts.
- Translating lessons into stronger detections and hardening measures, including guardrails to block credential harvesting and protections for high-privilege execution modes.
These efforts sharpened detection and monitoring across the surroundings and fed back into future responses to npm supply-chain threats, reinforcing AWS defenses against evolving campaigns.
Three weeks after the Nx incident, two additional npm-driven campaigns emerged. The first targeted 18 well-known packages, while the second, named “shai-Hulud,” hit 180 packages in its initial wave, with a second wave arriving later in the year. The aim remained the same: compromise trusted developer machines to gain a foothold.
The Shai-Hulud worm sought npm tokens, GitHub personal access tokens, and cloud credentials. When tokens were discovered, the worm would publish infected packages as updates to trusted packages, using postinstall scripts to propagate further. It also attempted to corrupt GitHub workflows to maintain the worm’s presence in infected repositories.
Despite the varied tactics, learnings from the Nx incident accelerated the response to Shai-Hulud. In under seven minutes after the affected packages were identified, AWS Security kicked off its response playbook. Notable steps included:
- Registering affected packages with the Open Source Security Foundation (OpenSSF) to coordinate a broader industry response.
- Ongoing monitoring to detect anomalous behavior, with impacted customers notified via the AWS Personal Health Dashboard, AWS Support, and direct security notices.
- Deep analysis of compromised packages using a generative AI detonation script in a controlled sandbox, revealing how malware targeted tokens and credentials across ecosystems, enabling more precise threat indicators.
These efforts improved the ability to distinguish legitimate package activity from malicious actions and informed subsequent defenses just a month later.
By late October and into November, the Inspector team detected a spike in compromised npm packages tied to a token-farming campaign. AWS Security registered the malicious packages with OpenSSF within 30 minutes of revelation, helping shield customers and enabling the broader security community to respond more effectively.
The campaign’s unusual focus on tea[.]xyz tokens spurred further refinements to detection and response,with lessons continually integrated into AWS’s incident-response framework and detection tools across teams.
As December 2025 approached, a renewed wave of npm-targeted activity surfaced, including nearly 1,000 suspicious packages detected in a single week. These were promptly reported to OpenSSF to bolster collective defense.
AWS outlines a practical, defense-in-depth approach anchored in the AWS Well-Architected Framework and its Security Incident Response Guide. To bolster resilience against these threats, organizations should consider the following:
- Maintain continuous monitoring and enhanced detections to spot unusual patterns early, and audit tooling coverage against multiple authoritative sources. Use services such as AWS Security hub and Amazon Inspector for ongoing visibility and software supply-chain monitoring.
- Adopt layered protection with automated vulnerability scanning and management. Combine fraud and anomaly detection with robust credential management and network controls to prevent data exfiltration.
- Keep a comprehensive inventory of all open-source dependencies,including transitive ones and deployment locations. Tools like Amazon ECR can enable automatic container scanning, while AWS Systems Manager helps enforce security and compliance objectives.
- Share suspicious packages with maintainers and participate in industry threat-intelligence efforts. Contribute findings to the broader security community and consult AWS Security Bulletins for the latest guidance.
- Implement proactive research, thorough investigations, and coordinated response protocols that leverage diverse tooling and experts to shorten containment times.
These practices reflect evolving attack patterns-trust-based exploitation within open-source ecosystems, large-scale operations, credential theft, and advanced evasion techniques. The core guidance remains: layered security, continuous monitoring, and collaborative defense.
For organizations of any size, the incidents underscore the value of integrating robust supply-chain protections into security programs.The emphasis on rapid collaboration with external security partners, transparent incident reporting, and ongoing improvements to detection capabilities offers a blueprint that remains relevant as threat actors adapt.
| Campaign / Threat | Focus | Action Taken | |
|---|---|---|---|
| Nx compromise (Generative AI prompts) | Compromised npm package linked to Nx | Impact mapping, repository blocklisting, host remediation, enhanced detections | Prevention of data exposure; improved future detection |
| Shai-Hulud and related campaigns | Worm targeting npm tokens and GitHub credentials | OpenSSF registration, anomaly monitoring, detonation scripting, AI-assisted analysis | Faster containment; deeper understanding of indicators; community coordination |
| 150,000 compromised packages (token farming) | Massive npm threat wave | Rapid registration with openssf; continued detection improvements | Strengthened defenses; broader industry alerting |
| Elf- wave | suspicious npm packages | Automated defense; OpenSSF reporting | Enhanced protections against credential theft |
what steps has your association taken to monitor open-source dependencies and detect supply-chain threats in real time?
Are you leveraging threat intelligence collaborations with industry groups to speed up detection and response?
As the threat landscape evolves, AWS says its ongoing commitment to learning and collaboration will keep shaping how customers protect themselves and their developers. If you have feedback,share your thoughts below or contact security teams for guidance.
what AWS Security Learned from Responding to Recent npm Supply‑Chain Threat Campaigns
1. Real‑time Threat Visibility is Non‑Negotiable
* GuardDuty + Security Hub integration – Correlates anomalous npm download patterns with known malicious signatures, surface‑level alerts, and reputation feeds.
* CloudTrail data events – Captured every npm install API call made from Amazon EC2, Lambda layers, and CodeBuild containers, enabling forensic timelines within seconds.
* Amazon Detective – Automatically visualized attacker pivot paths from compromised packages to downstream services (e.g., S3 bucket exfiltration, IAM role escalation).
2. Automated Policy‑as‑Code Reduces Human Lag
- AWS Config custom rules – Enforced “no‐unverified npm packages” by checking teh
package‑lock.jsonSHA against an approved hash list stored in AWS Systems Manager Parameter Store. - CodeBuild pre‑install scans – Integrated Snyk and OWASP Dependency‑Check as build‑stage steps; failures automatically trigger a Lambda remediation workflow.
- Step Functions orchestration – When a malicious package is detected, the workflow:
* Quarantines the affected repository in CodeCommit.
* Revokes the associated IAM role session using AWS STS.
* Sends a detailed SNS notification to the security operations center (SOC).
3.Provenance & Signing Become Baselines
* Sigstore integration – Mandatory verification of npm package signatures (npm audit sign) before insertion into Amazon CodeArtifact.
* CodeArtifact repository policies – Blocked any unsigned or tampered package by default; only packages with a valid certificate transparency log entry are allowed to promote to production.
4. Threat Modeling Specific to npm Ecosystem
* Attack vectors identified:
- Typosquatting – Maliciously named packages (
expresss,react-domx). - Dependency hijacking – Stealing an existing maintainers’ npm token and publishing updates with hidden payloads.
- Post‑install script abuse – Executable JavaScript that reaches out to external C2 servers.
* Mitigation mapping:
| Vector | AWS Control | Recommended Config |
|---|---|---|
| Typosquatting | GuardDuty custom threat list | Enable GuardDuty findings for npm namespace anomalies |
| Token hijack | IAM Access Analyzer | Enforce MFA on all IAM users with npm publishing rights |
| Post‑install script | Lambda‑based script validator | Deny npm install if scripts.preinstall or scripts.postinstall are present unless whitelisted |
5. Practical Tips for DevOps Teams Using AWS
- Pin exact versions in
package.jsonand store the lock file in a CodeCommit branch protected by branch‑level approvals. - Enable Amazon CodeGuru Reviewer to flag suspicious
require()statements that import from untrusted registries. - Deploy AWS Secrets Manager to rotate NPM authentication tokens on a 30‑day schedule, minimizing credential exposure.
- Run Amazon Inspector on container images built from npm packages to detect known CVEs and embedded malicious binaries before pushing to Amazon ECR.
6. Case Study: Mitigating the 2024 “npm‑typo‑squatting” campaign
Background – In March 2024, attackers registered dozens of typo‑squatted packages targeting popular frameworks (react‑routeru, lodashes). Several high‑traffic CI pipelines on AWS CodeBuild automatically installed these packages, leading to credential leakage.
AWS Security Response
- Detection – GuardDuty custom threat list flagged an abnormal surge in
npm installcalls for the suspicious namespace. - Containment – A Lambda function invoked by GuardDuty automatically paused the compromised CodeBuild projects and revoked the IAM role session tokens.
- Remediation – Config rules forced a re‑run of the build pipeline after replacing the typo‑squatted dependencies with verified versions from a private CodeArtifact repository.
- Post‑mortem – Findings were logged to Security Hub, and an AWS Well‑Architected Review was scheduled to tighten IAM policies and enforce package signing.
Outcome – The average mean‑time‑to‑resolution (MTTR) dropped from 48 hours (pre‑campaign) to 7 minutes after the GuardDuty‑Lambda automation was deployed.
7. Benefits of an Integrated AWS Supply‑Chain Defense Stack
- Speed – Real‑time detection reduces exposure windows.
- Scalability – serverless remediation (Lambda, Step Functions) automatically scales with CI/CD throughput.
- Compliance – Config rules and GuardDuty findings generate audit‑ready evidence for ISO 27001, SOC 2, and PCI‑DSS.
- Visibility – Security Hub dashboards provide unified, cross‑account insight into npm‑related incidents across the entire AWS Organization.
8. Future‑Ready Recommendations
- Adopt “Zero‑Trust for Dependencies” – Treat every external npm package as untrusted until it passes signature verification and vulnerability scanning.
- Leverage AWS Artifact – Periodically review updated supply‑chain security best practices and incorporate them into internal policies.
- Invest in Machine‑Learning‑based anomaly detection – Enable GuardDuty’s new ML model for “npm install frequency deviation” to catch emerging threat patterns before they spread.
- Enable cross‑region replication of CodeArtifact – Guarantees continuity of trusted package sources even during regional incidents.
Keywords: AWS security, npm supply chain threat, software supply chain security, AWS GuardDuty, AWS Security Hub, AWS Config rules, Amazon CodeArtifact, dependency signing, typosquatting, devsecops, IAM least privilege, automated remediation, real‑time threat detection, supply chain resilience, Amazon Inspector, CodeGuru Reviewer.
