Ongoing NPM supply chain attack uses binding.gyp to spread like a worm
Malicious packages exploit binding.gyp and index.js to execute payload on npm install, downloading Bun runtime, harvesting credentials, and injecting into GitHub Actions workflows for further spread. Affected package: ai-sdk-ollama versions 0.13.1, 1.1.1, 2.2.1, 3.8.5.
Summary
Packages published from this repository contain a malicious binding.gyp and index.js. Anyone running npm install or npm update against any version of the affected packages will trigger execution of the payload node-gyp's source expansion step runs node index.js, which downloads the Bun runtime, harvests credentials from the runner, and injects itself into GitHub Actions workflow files to spread further.
Affected Versions
Package | Compromised versions -- | -- ai-sdk-ollama | 0.13.1, 1.1.1, 2.2.1, 3.8.5
Full details
For the complete analysis, kill chain, full IOC list, recovery steps for users and maintainers, and evidence from a detonation in an instrumented runner, see the StepSecurity write-up:
https://www.stepsecurity.io/blog/binding-gyp-npm-supply-chain-attack-spreads-like-worm
---
— StepSecurity Threat Intelligence team