In September 2025, the Shai-Hulud worm spread through npm by stealing maintainer credentials, publishing trojanized versions of legitimate packages, and using each compromised account to infect the next. Hundreds of packages were affected within hours. By the time most CVEs were filed, the malicious versions had already been installed, executed, and rotated out of the registry.
This isn't an outlier. The axios npm compromise, the Bitwarden CLI takeover, and the ongoing TeamPCP and CanisterWorm campaigns have made one thing clear: attackers no longer need to find a vulnerability in your code. They can ship one directly to your developers, signed by a trusted maintainer, in a package your build system will install without question.
This paper covers:
- Why traditional SCA misses open source malware entirely, and what changes when detection is the goal
- How Endor Labs' multi-signal detection engine combines code, metadata, maintainer behavior, and install-time analysis with LLM-based reasoning to produce calibrated verdicts
- How the Package Firewall turns those verdicts into real-time enforcement at npm install and pip install, with declarative YAML policy, version range matching, and minimum-age controls
- The four most common malware delivery vectors, and how the Firewall stops each one before code reaches a developer machine
What's next?
When you're ready to take the next step in securing your software supply chain, here are 3 ways Endor Labs can help: