Red Hat NPM Supply Chain Attack Explained: How to Protect Your Side Projects

By /

If you run npm install without thinking twice — and let’s be honest, most of us do — this one’s going to make you uncomfortable.

On June 1, 2026, security researchers at StepSecurity discovered that 32 official npm packages under Red Hat’s @redhat-cloud-services scope had been compromised. Not by some random typosquatter. Not by a sketchy package with 12 downloads. By Red Hat — one of the most trusted names in open source.

The attack, dubbed “Miasma: The Spreading Blight,” is one of the most sophisticated supply chain attacks we’ve seen in the npm ecosystem. And if you’re a solo developer or side-hustle builder who relies on npm packages, you need to understand what happened and what you can do about it.

What Actually Happened

Here’s the chain of events, simplified:

  1. A Red Hat employee’s GitHub account was compromised. We don’t know exactly how yet — phishing, credential reuse, session hijack — but the attacker got in.
  2. The attacker injected malicious GitHub Actions workflows into three RedHatInsights repositories: frontend-components, javascript-clients, and platform-frontend-ai-toolkit.
  3. These workflows published backdoored package versions to npm — with valid SLSA provenance attestations. That means they looked completely legitimate, even to tools designed to verify supply chain integrity.
  4. The malware ran automatically on npm install via a preinstall hook. No user interaction required. Just installing the package was enough.

The result: 96 compromised versions across 32 packages, with over 116,000 accumulated downloads before discovery.

Why This Attack Is Different

Supply chain attacks aren’t new. We’ve seen typosquatting, dependency confusion, and compromised maintainer accounts before. But Miasma raised the bar in several alarming ways.

It Was a Self-Propagating Worm

This is the scary part. The malware didn’t just steal your credentials and phone home. It used your stolen npm tokens — and npm’s bypass_2fa parameter — to automatically republish backdoored versions of other packages you have access to. Each infected machine could seed the next wave of compromises without any further attacker involvement.

Read that again. Your machine gets infected. Your npm token gets stolen. Now your packages get backdoored. Your users install them. Their tokens get stolen. And so on.

It Targeted Everything

The credential harvester was comprehensive. According to Wiz’s analysis, it swept:

  • GitHub Actions secretsGITHUB_TOKEN, ACTIONS_RUNTIME_TOKEN
  • Cloud credentials — AWS keys, GCP service accounts, Azure tokens, Kubernetes configs
  • Developer tools — SSH private keys, Docker config, GPG keys, npm and PyPI credentials
  • Vault systems — HashiCorp Vault tokens, CircleCI auth

It even read credentials directly from process memory (/proc/<pid>/mem) to bypass GitHub Actions’ log-masking.

It Hid in Plain Sight

The malware used four layers of obfuscation — ROT-21 encoding, AES-128-GCM encryption, obfuscator.io transformations, and a custom PBKDF2-derived cipher. The C2 (command and control) traffic was routed through api.github.com with spoofed headers, making it look like normal GitHub API calls.

And get this: it installed persistence hooks in VS Code (.vscode/tasks.json) and Claude Code (~/.claude/settings.json), so even after you removed the compromised package, the malware would reactivate when you opened your editor.

It Had Valid Provenance

The attacker used GitHub Actions OIDC tokens to publish packages with legitimate SLSA provenance attestations. This means even if you were using tools to verify package provenance — the “right” thing to do — these packages would have passed the check.

The Good News (Sort Of)

Red Hat’s own production systems weren’t affected. Their publication process strips installation-time scripts from packages before deploying to console.redhat.com. According to Red Hat, no customer action is required on their end.

But that doesn’t help you if you pulled one of these packages into your side project during the compromise window.

How to Protect Your Side Projects

Here’s the practical part. Whether you’re building a blog, a SaaS tool, or any side project that touches npm, here’s what you should do right now — and going forward.

Right Now: Check If You’re Affected

1. Search your lock files.

grep -r "@redhat-cloud-services" package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null

If you find any matches, check the specific versions against the compromised versions list.

2. Check for persistence hooks.

# Check VS Code tasks
find . -name "tasks.json" -path "*/.vscode/*" -exec cat {} \;

# Check Claude Code settings
cat ~/.claude/settings.json 2>/dev/null | grep -i "sessionstart\|hook"

Look for anything you didn’t add yourself.

3. If you’re affected, rotate everything.

Assume all credentials on that machine are compromised. That means:

  • npm tokens
  • GitHub personal access tokens
  • AWS/GCP/Azure credentials
  • SSH keys
  • Any API keys in your environment

Yes, all of them. The credential harvester was thorough.

Going Forward: Build Better Habits

4. Lock down your npm install.

Add this to your .npmrc:

ignore-scripts=true

This prevents preinstall, install, and postinstall scripts from running automatically. You’ll need to explicitly run npm rebuild for packages that need native compilation, but it blocks the entire class of attack that Miasma used.

5. Pin your dependencies.

Don’t use ^ or ~ ranges in production. Use exact versions:

"dependencies": {
  "some-package": "2.1.4"
}

Better yet, use a lock file (you should already have one) and actually commit it to your repo.

6. Review before updating.

Before running npm update, check what’s changing:

npm outdated
npm diff --diff=<package>@<old-version> --diff=<package>@<new-version>

Look for suspicious changes — especially new preinstall scripts or unusually large files. The Miasma payload was a 4.2 MB index.js in what should have been a small library package.

7. Use a dependency monitoring tool.

Free options for solo developers:

  • npm audit — built in, run it regularly
  • Socket.dev — specifically designed to catch supply chain attacks
  • GitHub Dependabot — automated security alerts for your repos

8. Minimize your dependency tree.

Every package you install is a potential attack vector. Before adding a dependency, ask yourself:

  • Can I write this in 20 lines of code myself?
  • Do I really need a package for left-padding a string? (We learned this lesson before.)
  • What’s the maintenance status of this package?

For side projects especially, fewer dependencies = smaller attack surface.

The Bigger Picture

This attack reveals an uncomfortable truth: trust in the npm ecosystem is fragile. Even packages from major organizations with provenance verification can be compromised. The tools we’ve been told to rely on — SLSA attestations, 2FA, trusted publishers — were all bypassed.

As solo developers and side-hustle builders, we’re especially vulnerable. We don’t have security teams reviewing our dependency trees. We don’t have SOC analysts monitoring our CI/CD pipelines. We npm install and move on.

That has to change. Not in a paranoid, “audit every line of every dependency” way — that’s not realistic. But in small, practical ways:

  • Default to ignore-scripts=true
  • Actually look at what you’re installing
  • Keep your dependency count low
  • Rotate credentials regularly, not just after incidents

The Miasma attack was sophisticated, but the defenses against it are surprisingly simple. You just have to actually use them.

How This Post Was Made

This is a timely one, so let me walk you through the process.

I’ve been tracking trending security topics for the blog, looking for stories where there’s high search interest but a gap in content aimed at solo developers and side-hustle builders. The Red Hat npm supply chain attack — which broke on June 1 — fit perfectly: tons of news coverage, but almost nothing written for the individual developer who just wants to know “am I affected, and what do I do?”

I gave Claude the topic direction and framing in Korean: write about the Red Hat npm attack, but angle it for side-project developers. Make it practical, not just news. Claude then researched the attack details across multiple sources — StepSecurity’s original disclosure, Wiz’s technical deep-dive, Microsoft’s analysis, and Red Hat’s own advisory — and synthesized it into the article you just read.

The technical details are real and verified against primary sources. The protection recommendations are practical steps I’d actually follow myself. And yes, Claude writes it, but the editorial judgment — what to cover, what angle to take, what matters to our readers — that’s the human part.

This post was written with Claude AI. I provided the direction, topic, and key points in Korean — Claude turned it into the article you just read.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top