TL;DR
PostHog says the Shai‑Hulud 2.0 incident — where malicious npm releases were pushed and a worm harvested developer secrets — is the company's most serious security event to date. The breach exploited an automation flaw in a CI/CD workflow that allowed code from a malicious pull request to run with broad privileges and propagate trojanized SDKs.
What happened
The entry point was a CI/CD automation flaw, not a compromised maintainer account. A pull request triggered a project automation script that checked out and executed code from the attacker's branch, and that job had access to a bot personal-access token with write permissions, which the attacker's code captured. With those credentials the intruder committed further malicious workflow changes that scanned for and exfiltrated secrets, including the npm publishing token, and then pushed trojanized releases of PostHog's JavaScript SDKs. The contaminated packages, among them core SDKs such as posthog-node, posthog-js and posthog-react-native, carried a pre-install script that ran TruffleHog on the installing machine to hunt for credentials, uploaded any findings to newly created public GitHub repositories, and reused any stolen npm credentials to publish further compromised releases, which is what gave the campaign its worm-like spread. Security researchers at Wiz reported that more than 25,000 developers had secrets exposed within three days. PostHog says it revoked the compromised tokens, removed the malicious package versions and began issuing known-good releases, and is planning changes to its release and workflow practices.
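The class of workflow flaw described above (a job that receives repository secrets while executing code from an untrusted pull request branch) is easy to spot in a GitHub Actions file once you know the pattern. The following is an added example, not PostHog's workflow or code and not taken from any real repository: a small heuristic auditor that flags the `pull_request_target` plus PR-head-checkout combination, with two constructed sample workflows (one vulnerable, one hardened). The check names, the `scripts/triage.js` step and the `BOT_TOKEN` secret name are illustrative assumptions.

```javascript
"use strict";

// Added example, not PostHog's workflow or code. Heuristic, line-based audit
// for the GitHub Actions anti-pattern in this incident summary: a job that
// fires on `pull_request_target` (so it receives the base repository's secrets
// and a write-capable GITHUB_TOKEN) while also checking out and running the
// pull request's head commit. A PR from a fork then executes attacker-controlled
// code with those privileges. A production audit should parse the YAML properly.

const CHECKS = [
  {
    id: "untrusted-checkout",
    message: "pull_request_target job checks out the PR head: untrusted code gets base-repo secrets",
    test: (w) => w.privilegedTrigger && w.checksOutPrHead,
  },
  {
    id: "untrusted-execution",
    message: "dependency install or script run on an untrusted checkout (install hooks execute too)",
    test: (w) => w.privilegedTrigger && w.checksOutPrHead && w.runsCode,
  },
  {
    id: "default-permissions",
    message: "no top-level `permissions:` block; GITHUB_TOKEN may default to write access",
    test: (w) => w.privilegedTrigger && !w.declaresPermissions,
  },
];

// Extract the handful of properties the checks care about.
function describeWorkflow(yamlText) {
  return {
    // `on:\n  pull_request_target:` block form, or `on: [pull_request_target]` flow form
    privilegedTrigger:
      /^\s*(-\s*)?pull_request_target\s*:?\s*$/m.test(yamlText) ||
      /^\s*on:\s*\[[^\]]*\bpull_request_target\b/m.test(yamlText),
    // checkout of the PR's head commit or branch instead of the trusted base ref
    checksOutPrHead: /github\.event\.pull_request\.head\.(sha|ref)/.test(yamlText),
    // anything that executes files from the checkout, install hooks included
    runsCode:
      /\b(npm|pnpm|yarn|bun)\s+(ci|install|i)\b/.test(yamlText) ||
      /\b(node|bun|python|bash|sh)\s+\S+/.test(yamlText),
    declaresPermissions: /^permissions\s*:/m.test(yamlText),
  };
}

function auditWorkflow(yamlText) {
  const profile = describeWorkflow(yamlText);
  return CHECKS.filter((c) => c.test(profile)).map(({ id, message }) => ({ id, message }));
}

// Constructed sample workflows (assumptions for this example, not real files).
const VULNERABLE_WORKFLOW = [
  "name: PR automation",
  "on:",
  "  pull_request_target:",
  "    types: [opened, synchronize]",
  "jobs:",
  "  triage:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@v4",
  "        with:",
  "          ref: ${{ github.event.pull_request.head.sha }}",
  "      - run: npm ci",
  "      - run: node scripts/triage.js",
  "        env:",
  "          GH_TOKEN: ${{ secrets.BOT_TOKEN }}",
].join("\n");

const HARDENED_WORKFLOW = [
  "name: PR automation",
  "on:",
  "  pull_request:",
  "permissions:",
  "  contents: read",
  "jobs:",
  "  triage:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@v4",
  "      - run: npm ci --ignore-scripts",
  "      - run: node scripts/triage.js",
].join("\n");

if (typeof require !== "undefined" && require.main === module) {
  for (const [label, text] of [["vulnerable", VULNERABLE_WORKFLOW], ["hardened", HARDENED_WORKFLOW]]) {
    console.log(label, auditWorkflow(text));
  }
}
```

The hardened variant uses the plain `pull_request` trigger, which gives fork PRs no secrets and a read-only token, declares least-privilege `permissions`, and installs with `--ignore-scripts` so a PR that edits `package.json` cannot run an install hook. When a job genuinely needs a write token to act on a PR, the usual fix is to split it: the job that checks out and runs PR code gets no secrets, and a separate privileged job consumes only data (not code) from the first.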
Why it matters
- Automation in CI/CD can amplify a single malicious change into a wide supply‑chain compromise.
- The incident shows how package pre-install scripts can be abused to extract sensitive tokens and environment data.
- Worm-like behavior in dependency ecosystems can quickly scale exposure across thousands of developers and projects.
- Credential theft here included not just npm/GitHub tokens but cloud and CI/CD secrets, raising multi-platform risk.
Key facts
- PostHog described Shai‑Hulud 2.0 as its "largest and most impactful security incident".
- Compromised PostHog packages included posthog-node, posthog-js and posthog-react-native.
- The malicious releases contained a pre-install script that ran TruffleHog to search for credentials and uploaded findings to public GitHub repositories.
- Attackers seized a bot personal-access token with write permissions by exploiting a workflow that executed code from an attacker-controlled branch.
- Using stolen credentials, the intruders modified workflows to harvest more secrets — including the npm publishing token — and pushed trojanized SDKs to npm.
- Wiz researchers reported that over 25,000 developers had secrets exposed within three days of the campaign.
- PostHog revoked compromised tokens, removed the malicious package versions and started issuing known-good releases.
- PostHog plans to adopt a trusted publisher model, tighten workflow change reviews and disable install-script execution in its CI/CD pipelines.
What to watch next
- PostHog's rollout and effectiveness of the 'trusted publisher' model and CI/CD hardening measures (confirmed in the source).
- Whether other maintainers affected by Shai‑Hulud 2.0 publish detailed postmortems and remediation steps — not confirmed in the source.
- Whether npm, GitHub, or CI providers change defaults around running code from untrusted pull requests or executing install scripts — not confirmed in the source.
Quick glossary
- CI/CD workflow: Automated processes that build, test and deploy software; they can run scripts and tasks when code changes are made.
- npm: A package registry and package manager for JavaScript and Node.js ecosystems used to distribute libraries and tools.
- pre-install script: A script configured to run automatically when a package is installed; it can perform setup actions but can also be abused if malicious.
- personal-access token: A credential issued to automate API access or CI tasks; tokens can carry permissions similar to a user account.
- worm: Malware that self-propagates by exploiting system or network mechanisms to spread without direct human action.
Reader FAQ
Which PostHog packages were compromised?
PostHog said core SDKs such as posthog-node, posthog-js and posthog-react-native were contaminated; other affected packages included those from Zapier, AsyncAPI, ENS Domains and Postman.
How did the attackers spread the malicious code?
A malicious pull request triggered an automation script that ran with project privileges, allowing attackers to steal a bot token, modify workflows to harvest secrets, and use stolen npm credentials to publish trojanized releases.
How many developers were affected?
Security researchers at Wiz reported that more than 25,000 developers had secrets compromised within three days.
Has PostHog fixed the problem?
PostHog revoked compromised tokens, removed malicious versions and began issuing known-good releases, and says it is changing its publishing and workflow processes.
Did npm or GitHub themselves get breached?
Not confirmed in the source.

Source article: "PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle. Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm", by Carly Page, Fri 28 Nov 2025.
Sources
- PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle
- Post-mortem of Shai-Hulud attack on November 24th, 2025
- Sha1-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposed
- Shai-Hulud V2 Poses Risk to NPM Supply Chain