Symptom
On September 8, 2025, attackers phished the npm maintainer “qix” and stole their two-factor authentication (2FA) credentials.
With that access, they published malicious versions of some very popular npm packages (including debug, chalk, and ansi-styles).
On November 24, 2025, Shai Hulud launched a second supply-chain attack, compromising Zapier, ENS, AsyncAPI, PostHog, and Postman, along with over 25,000 affected repositories across ~350 unique users.
Shai Hulud 2.0 Strikes Again: Malware Supply-Chain Attack Hits Zapier & ENS Domains
Example Article Links:
https://fortiguard.fortinet.com/threat-signal-report/6201/npm-supply-chain-attack
https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised
The impact is considered high risk for applications that serve frontend JavaScript, especially those handling payments, cryptocurrency, or wallet flows.
Environment
Commerce Cloud 2205.44
Commerce Cloud 2211.46
Commerce Cloud 2211-jdk21.4
Keywords
Commerce Cloud Protection, npm, Shai-Hulud, Supply Chain Attack, KBA, CEC-SCC-CLA-ENV-EMG, Environment Management, Problem
About this page
This is a preview of a SAP Knowledge Base Article; the full version is available on SAP for Me (login required).
SAP Knowledge Base Article - Preview