Red Hat has confirmed a supply chain compromise affecting multiple npm packages published under the @redhat-cloud-services namespace, after malicious code was introduced through a compromised GitHub account and pushed into trusted repositories used by its cloud services frontend ecosystem.The company’s security bulletin, RHSB-2026-006, created on June 1, 2026, said preliminary findings showed unauthorised commits were made to repositories within a Red Hat GitHub organisation. Red Hat said compromised package versions were removed from npm after disclosure and that its product security and engineering teams were examining build systems and dependency records to determine whether any product builds contained the affected versions. Based on its findings at the time of the bulletin, Red Hat said no customer action was required.
The incident has drawn attention across the software security industry because the affected packages were not lookalike or typosquatted libraries, but legitimate packages distributed through a trusted namespace. That makes the breach more serious for organisations relying on package reputation, signed workflows or long-standing dependency histories as indicators of safety.
Security researchers tracking the campaign found that more than 30 packages and dozens of package versions were affected. The compromised packages included frontend components, RBAC clients, notification clients, inventory clients, compliance clients, patch clients, configuration tools and other libraries used in Red Hat’s cloud services development environment. Some analyses placed the number at 32 packages and 96 compromised versions, with the affected packages collectively drawing more than 100,000 weekly downloads.
The malware was designed to execute automatically during installation through npm lifecycle scripts, particularly preinstall hooks. That means the code could run as soon as a developer machine or CI/CD pipeline installed the package, before an application explicitly imported or executed the library. The payload was described as a multi-stage credential harvester capable of scanning for GitHub Actions secrets, npm tokens, cloud credentials, Kubernetes access data, HashiCorp Vault material, CircleCI tokens and other sensitive developer environment variables.
The malicious code has been linked by several researchers to a campaign referred to as “Miasma”, with behaviour resembling the Mini Shai-Hulud family of npm supply chain malware. The connection remains partly analytical rather than conclusive attribution, as some tools and techniques associated with earlier campaigns have become publicly available and could be reused by copycat operators. The payload’s use of Greek mythology-themed markers also distinguished it from earlier Shai-Hulud references.
A key concern is the apparent abuse of GitHub Actions and OpenID Connect-based trusted publishing. Trusted publishing was introduced to reduce reliance on long-lived npm publishing tokens by allowing short-lived identity-backed releases from CI/CD workflows. In this case, investigators said the attack appeared to originate from compromise of the upstream development pipeline rather than a simple npm token theft. That distinction matters because it shows that stronger publishing mechanisms can still be undermined if attacker access reaches the workflow that is allowed to publish trusted releases.
The breach also underlines the risk posed by install-time scripts in package ecosystems. Modern JavaScript projects often pull in large dependency trees, and installation scripts can execute with access to developer machines, environment variables and build credentials. Academic and industry research has repeatedly warned that package managers create a high-trust channel in which a single compromised maintainer account, workflow or dependency can expose large downstream ecosystems.
Red Hat’s bulletin said the affected libraries are frontend components compiled and bundled into some container images during product build processes. The company said product security teams were continuing dependency tracking and build analysis. That language suggests the immediate enterprise impact may depend on whether compromised versions entered downstream builds, internal caches or customer-controlled development pipelines before removal.
Security teams assessing exposure are being advised across the industry to examine package-lock files, npm caches, source repositories, CI/CD logs, software bills of materials and container images for affected versions. Organisations that installed the compromised packages after June 1, 2026, may need to treat developer and build environments as potentially exposed, especially where secrets were available during installation. Credential rotation, audit-log review and rebuilds from clean environments are likely to be necessary in cases where affected versions were present.
The attack comes amid a broader wave of npm ecosystem compromises involving credential theft, malicious maintainers, typosquatting and abuse of automated build systems. Earlier campaigns targeted widely used development libraries and cloud-related packages, showing that attackers are increasingly focused on developer infrastructure rather than only end-user devices. CI/CD systems have become especially attractive because they often hold publishing permissions, deployment credentials and access to production or staging environments.
Topics
Technology