Root Cause Analysis: Shai-Hulud 2.0
Postman Security knows that trust begins with transparency. So we are following up (as promised!) on the Shai Halud attack we first posted about on Nov 24, 2025.
No Postman or customer data was impacted in this incident.
What happened?
On November 24, 2025, 17 public Postman NPM packages were hijacked by the “Shai-Hulud” worm. These infected versions were published to NPM, and infected packages were available for download for about six hours until the final one was unpublished.
These infected NPM packages were the only impact of the compromise; no versions of the Postman web or client app were infected, nor were any of our production systems. Due to our segmented environments, no customer data was accessible to the worm at any point.
How did it happen?
- 2025-11-23 16:03:47 PT: Initial compromise of dependent libraries, affecting AsyncAPI packages that some Postman services depend on.
- 2025-11-23 21:00:00 PT: An automated build was triggered for a repository that lacked an appropriate NPM lockfile, which allowed the installation of the compromised AsyncAPI packages in our GitHub Actions pipelines.
- One of the secrets available to this build was an NPM token with publish rights to a number of Postman packages, 17 of which lacked the “Require two-factor authentication and disallow tokens” setting.
- The worm was able to leverage that token to publish three infected versions of each over the next fifteen minutes, further spreading the worm.
- 2025-11-24 00:04:55 PT: Internal reports came in of anomalous publishing activities, and our internal investigation began.
- 2025-11-24 00:31:52 PT: Bot token leveraged by the worm was identified, and all tokens associated with that account were revoked.
- 2025-11-24 02:11:00 PT: Analysis of our NPM packages was complete and the 17 infected packages were identified and acted on:
- The 13 packages that could be unpublished by Postman were unpublished.
- The remaining four had public dependencies and could not be unpublished by Postman due to NPM restrictions; they were instead marked as deprecated, and NPM support was contacted to unpublish.
- 2025-11-24 07:56:25 PT: NPM Support unpublished the remaining compromised versions.
What we have already done to prevent attacks like this from happening again:
- Securing package management: In the aftermath of the attack we restricted write access to packages to four NPM org admins, and enforced the “Require two-factor authentication and disallow tokens” setting across all packages. We were already in the final stages of beginning rollout of the OIDC based Trusted Publishers, and were able to make that available to all development teams to re-enable publishing going forward. With this in place, our official @postman NPM package can only be published from their associated workflow.
- Hardening our supply chain: We are actively scanning our Node repositories for correct lockfiles to ensure builds cannot be poisoned in this way again with an infected latest version.
- Hardening our endpoints:
- Blocklists were added for all currently known malware-associated hashes. In addition, we implemented a detection rule to prevent execution of files named setup_bun.js or bun_environment.js, as the malware has been observed modifying file hashes while retaining consistent filenames.
- Blocked exfiltration domains webhook[.]site and oast[.]pro via Cloudflare.
What we are planning to do to further reduce the risk of supply chain compromise
- Hardening our supply chain:
- Enforcing a minimum age for updated packages either via pnpm/yarn or by enforcing a private registry.
- Establishing secure and consistent processes for all dependency updates.
- Detections for anomalous behavior:
- Monitor and block unsanctioned outbound connections from pipelines.
Breaches that could involve customer data are taken extremely seriously at Postman. We are proud to be able to react quickly based on investments in Security and People, and provide transparent actions so that you can rely on our infrastructure to protect your most precious assets.