Between 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compromised npm publish token to publish 18 malicious versions of @beproduct/nestjs-auth (0.1.2 through 0.1.19). The packages contained payloads from the Mini Shai-Hulud npm supply-chain worm campaign described by Aikido Security.
npm Security removed the malicious versions from the registry shortly after publication, but anyone who ran npm install @beproduct/nestjs-auth resolving to any version in the affected range during that window executed the malicious postinstall script and is potentially compromised.
Version 0.1.20 is a clean republish from the original 0.1.1 source tree.
The postinstall payload attempted to harvest:
~/.npmrc)gho_*), and Actions OIDC tokens~/.aws/credentials)Exfiltration target: https://filev2.getsession.org. The worm also wrote persistence artefacts (tanstack_runner.js, router_init.js, setup.mjs, plus IDE-hook configurations in .claude/ and .vscode/) into the developer's working tree where the malicious install ran.
| Type | Value |
|---|---|
| File name (payload) | tanstack_runner.js, router_init.js, router_runtime.js |
| SHA-256 (tanstack_runner.js) | 2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96 |
| SHA-256 (router_init.js) | ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c |
| Exfil endpoint | filev2.getsession.org |
| Cloud metadata probe | 169.254.169.254/latest/meta-data/iam/security-credentials/ |
| npm token endpoint | registry.npmjs.org/-/npm/v1/tokens |
| Vault probe | vault.svc.cluster.local:8200 |
| IDE hook pattern | .claude/settings.json SessionStart hook + .vscode/tasks.json runOn: "folderOpen" running node .claude/setup.mjs or node .vscode/setup.mjs |
If you installed any version in the range >=0.1.2 <=0.1.19:
bash
npm uninstall @beproduct/nestjs-auth
npm cache clean --forcebash
npm install @beproduct/[email protected]https://www.npmjs.com/settings/<you>/tokens)https://github.com/settings/applications + https://github.com/settings/tokens).claude/ or .vscode/ directories — the worm is known to commit setup.mjs + hook configs to PR branches via automated agent runtimes.| Time | Event |
|---|---|
| 2026-05-11 20:19:43 | First malicious version (0.1.2) published |
| 2026-05-11 22:56:39 | Final malicious version (0.1.19) published — 18 versions in 2h37m |
| 2026-05-12 ~14:12 | npm Security removes the malicious versions from the registry |
| 2026-05-13 | BeProduct discovers the incident via Aikido's public disclosure |
| 2026-05-14 | Compromised npm publish token revoked; BeProduct GitHub OAuth credentials rotated |
| 2026-05-14 | Clean release 0.1.20 published; this advisory filed |
The compromised npm publish token was harvested by a Mini-Shai-Hulud-infected transitive dependency in an automated GitHub coding-agent runtime that had read access to the NPM_TOKEN GitHub Actions secret for an unrelated repository under the same npm publisher account. The publish itself was performed by the attacker against the public npm registry; the source repository for this package was not modified by the attacker.
No EPSS score in this advisory JSON.
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 10.0 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-6xwp-cp5h-q856 ↗ |
| CVE | CVE-2026-46412 ↗ |
| CWE id | Name |
|---|---|
| CWE-506 | Embedded Malicious Code |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | @beproduct/nestjs-auth | >= 0.1.2, <= 0.1.19 | — | — |