A hacked npm maintainer account pushed 631 malicious versions across 314 packages in just 22 minutes on May 19, stealing AWS keys, GitHub tokens, SSH credentials, and everything else developers carelessly leave in environment variables. If you're running popular npm packages like size-sensor (4.2 million monthly downloads) or echarts-for-react (3.8 million downloads), you might want to check your dependencies.
The attack hit the atool maintainer account between 01:39 and 02:06 UTC. That's 22 minutes to compromise a significant chunk of the JavaScript ecosystem. The malware was sophisticated: a 498KB obfuscated Bun payload with redundant delivery mechanisms and five different persistence strategies. This wasn't a script kiddie experiment. This was professional-grade supply chain warfare.
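A 22-minute window is itself a usable indicator: any locked dependency version whose npm publish time lands inside it deserves scrutiny. The script below is an added example (not code from the article or from any of the affected projects) that reads a package-lock.json, pulls the per-version `time` map that the npm registry returns for each package, and flags versions published inside the window. The article gives the date only as "May 19", so the year is a placeholder constant; every version number and timestamp in the embedded sample data is constructed for illustration and is not one of the real malicious versions.

```javascript
// Added example (not from the article): flag locked dependency versions whose
// npm publish timestamp falls inside a known compromise window. A maintainer
// takeover publishes versions that look legitimate, so once the window is
// known, publish time is the cheapest discriminator.
//
// Inputs:
//   lockfile      - parsed package-lock.json (lockfileVersion 2 or 3, "packages" map)
//   registryTimes - { [packageName]: { [version]: ISO publish date } }, i.e. the
//                   "time" object from https://registry.npmjs.org/<name>
//   window        - { start, end } as epoch milliseconds (UTC)
// The clock times come from the article; it gives no year, so INCIDENT_YEAR is
// a placeholder. All versions/timestamps in the sample data are constructed.

const INCIDENT_YEAR = 2025; // placeholder: the article only says "May 19"

const ATTACK_WINDOW = {
  start: Date.parse(`${INCIDENT_YEAR}-05-19T01:39:00Z`),
  end: Date.parse(`${INCIDENT_YEAR}-05-19T02:06:00Z`),
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromLockKey(key) {
  const parts = key.split('node_modules/');
  return parts[parts.length - 1];
}

function findVersionsPublishedInWindow(lockfile, registryTimes, window) {
  const hits = [];
  for (const [key, entry] of Object.entries(lockfile.packages || {})) {
    if (key === '' || !entry || !entry.version) continue; // '' is the root project
    const name = packageNameFromLockKey(key);
    const times = registryTimes[name];
    if (!times || !times[entry.version]) continue; // not fetched, or unknown version
    const published = Date.parse(times[entry.version]);
    if (Number.isNaN(published)) continue;
    if (published >= window.start && published <= window.end) {
      hits.push({ name, version: entry.version, published: times[entry.version], path: key });
    }
  }
  return hits;
}

// Live lookup (Node 18+ global fetch). Only used by the CLI path below.
async function fetchRegistryTimes(name) {
  const url = `https://registry.npmjs.org/${encodeURIComponent(name).replace('%40', '@')}`;
  const res = await fetch(url);
  if (!res.ok) throw new Error(`registry lookup failed for ${name}: ${res.status}`);
  return (await res.json()).time || {};
}

async function scanLockfile(path, window) {
  const { readFile } = await import('node:fs/promises');
  const lockfile = JSON.parse(await readFile(path, 'utf8'));
  const names = new Set(
    Object.keys(lockfile.packages || {}).filter((k) => k !== '').map(packageNameFromLockKey),
  );
  const registryTimes = {};
  for (const name of names) registryTimes[name] = await fetchRegistryTimes(name);
  return findVersionsPublishedInWindow(lockfile, registryTimes, window);
}

// Constructed sample data: versions and timestamps are illustrative, not real IoCs.
const SAMPLE_LOCKFILE = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/size-sensor': { version: '9.9.9' },
    'node_modules/echarts-for-react': { version: '9.9.8' },
    'node_modules/echarts-for-react/node_modules/size-sensor': { version: '1.2.3' },
  },
};
const SAMPLE_REGISTRY_TIMES = {
  'size-sensor': {
    '1.2.3': `${INCIDENT_YEAR}-01-10T12:00:00.000Z`, // months before the window
    '9.9.9': `${INCIDENT_YEAR}-05-19T01:52:14.000Z`, // inside the window
  },
  'echarts-for-react': {
    '9.9.8': `${INCIDENT_YEAR}-05-19T02:05:30.000Z`, // inside the window
  },
};

// Usage: node check-window.js --scan ./package-lock.json
if (process.argv[2] === '--scan') {
  scanLockfile(process.argv[3] || 'package-lock.json', ATTACK_WINDOW)
    .then((hits) => { console.log(JSON.stringify(hits, null, 2)); process.exitCode = hits.length ? 1 : 0; })
    .catch((err) => { console.error(err.message); process.exitCode = 2; });
}
```

The check walks the full `packages` map rather than only top-level entries, so a compromised version nested under another dependency is caught too; it exits non-zero on any hit so it can gate a CI job. Publish time is a coarse filter: a hit means "published during the takeover", which is the cue to pin or roll back and rotate whatever credentials that install could have read.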
Here's what it stole: AWS credentials from environment variables, config files, EC2 metadata, and ECS container credentials. GitHub personal access tokens. npm tokens. SSH keys. Docker authentication. Kubernetes service account tokens. Database connection strings. Basically everything you need to completely compromise a development environment and pivot to production systems.
The exfiltration method was clever: data was committed as Git objects to publicly created GitHub repositories using the GitHub API, disguised with a python-requests/2.31.0 User-Agent. The repositories followed a Dune-themed naming pattern with no issues, wiki, or discussions enabled. Just anonymous data graves scattered across GitHub's infrastructure.
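That exfiltration path leaves a network trace a defender can hunt for: write calls to GitHub's REST API that create repositories or push raw Git objects, coming from developer machines or CI runners under a `python-requests` User-Agent. The detection logic below is an added example, not something from the article, written to run over egress-proxy logs. The JSON-lines log format and every record in it are constructed; the `/user/repos` and `/repos/{owner}/{repo}/git/{blobs,trees,commits,refs}` paths are GitHub's real repository-creation and Git Database endpoints, but the assumption that the malware used exactly those is mine, since the article only says Git objects were committed through the API.

```javascript
// Added example (not from the article): flag GitHub API traffic that matches the
// exfiltration shape described -- repository creation plus raw git-object writes,
// especially under a python-requests User-Agent. Log format and records below are
// constructed for this example.

// Writes that create a repository or push raw git objects (blobs, trees, commits, refs)
const REPO_CREATE = /^\/user\/repos\/?$/;
const GIT_DATA_WRITE = /^\/repos\/[^/]+\/[^/]+\/git\/(blobs|trees|commits|refs)(\/|$)/;
const WRITE_METHODS = new Set(['POST', 'PUT', 'PATCH']);

// Returns a finding for one parsed log record, or null if it is ordinary traffic.
function classifyRequest(rec) {
  if (rec.host !== 'api.github.com' || !WRITE_METHODS.has(rec.method)) return null;
  const indicators = [];
  if (REPO_CREATE.test(rec.path)) indicators.push('repo-create');
  if (GIT_DATA_WRITE.test(rec.path)) indicators.push('git-data-api-write');
  if (indicators.length === 0) return null; // issues, PRs, releases: normal API use
  // A python-requests UA from a Node-centric dev box or runner is the second signal.
  if (/^python-requests\//.test(rec.ua || '')) indicators.push('python-requests-ua');
  return {
    src: rec.src,
    path: rec.path,
    ua: rec.ua,
    indicators,
    severity: indicators.includes('python-requests-ua') ? 'high' : 'medium',
  };
}

// Takes raw JSON-lines text records; malformed lines are skipped, not fatal.
function flagGitHubExfil(logLines) {
  const findings = [];
  for (const line of logLines) {
    let rec;
    try { rec = JSON.parse(line); } catch { continue; }
    const finding = classifyRequest(rec);
    if (finding) findings.push(finding);
  }
  return findings;
}

// Constructed sample egress log (fields: ts, src, method, host, path, ua).
const SAMPLE_LOG = [
  '{"ts":"01:41:02Z","src":"10.0.5.21","method":"POST","host":"api.github.com","path":"/user/repos","ua":"python-requests/2.31.0"}',
  '{"ts":"01:41:03Z","src":"10.0.5.21","method":"POST","host":"api.github.com","path":"/repos/example-owner/example-repo/git/blobs","ua":"python-requests/2.31.0"}',
  '{"ts":"01:41:04Z","src":"10.0.5.21","method":"GET","host":"api.github.com","path":"/repos/example-owner/example-repo","ua":"python-requests/2.31.0"}',
  '{"ts":"09:12:40Z","src":"10.0.5.77","method":"POST","host":"api.github.com","path":"/repos/example-owner/example-repo/git/refs","ua":"octokit-rest.js/20.0.0"}',
  '{"ts":"09:13:00Z","src":"10.0.5.77","method":"POST","host":"api.github.com","path":"/repos/example-owner/example-repo/issues","ua":"python-requests/2.31.0"}',
  'this line is not JSON and is skipped',
];

// Usage: node flag-exfil.js  (prints findings for the embedded sample)
if (process.argv[2] === '--demo') {
  console.log(JSON.stringify(flagGitHubExfil(SAMPLE_LOG), null, 2));
}
```

Reads are deliberately ignored: the exfiltration is a write, and GET traffic to the same endpoints is how every IDE plugin and CI tool behaves. The `medium` finding for the octokit write shows the trade-off; raw Git Database writes from a workstation are rare enough to review, but only the User-Agent mismatch pushes it to `high`, and where host telemetry records which process opened the socket, a Node or Bun process presenting a Python User-Agent is the confirming detail.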
But the persistence mechanisms are what should terrify you. The malware injected malicious GitHub Actions workflows that dump secrets to artifacts. It hijacked AI agent hooks in Claude Code with SessionStart triggers. It created systemd and LaunchAgent daemons for background credential monitoring. It infected other local Node.js projects via settings file injection. And if you had your Docker socket exposed, it escaped the container with privileged access.
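Those footholds are what survive a reinstall, so an incident-response sweep has to look at each one. The script below is an added example (not from the article) that checks the five locations the article names: workflow files that serialise secrets into an artifact, `SessionStart` hooks in Claude Code's `settings.json`, systemd user units and launchd agents that run a JS runtime or something out of a hidden or temporary directory, and whether the Docker socket is reachable. Every pattern is a heuristic written for this example rather than a signature from the incident, and the assumed Claude Code hook layout (`hooks.SessionStart[].hooks[].command`) is stated in the code.

```javascript
// Added example (not from the article): a read-only sweep for the persistence
// footholds the article lists. Each analyzer is a pure function over file
// contents so it can be tested offline; sweep() wires them to the filesystem.
// Every pattern is a heuristic for this example, not a recovered signature,
// so treat matches as a review list.

// 1. GitHub Actions workflow that serialises secrets and ships them as an artifact
function analyzeWorkflow(yamlText) {
  const reasons = [];
  if (/toJSON\(\s*secrets\s*\)/.test(yamlText)) {
    reasons.push('toJSON(secrets) serialises every repository secret');
  }
  const uploadsArtifact = /actions\/upload-artifact/.test(yamlText);
  const redirectsSecret = yamlText
    .split('\n')
    .some((l) => /\$\{\{\s*secrets\./.test(l) && />{1,2}\s*\S/.test(l));
  if (uploadsArtifact && redirectsSecret) {
    reasons.push('a secret is redirected into a file in a workflow that uploads artifacts');
  }
  return reasons;
}

// 2. Claude Code settings: commands wired to the SessionStart hook
//    (assumed layout: hooks.SessionStart[].hooks[].command)
function analyzeClaudeSettings(jsonText) {
  let settings;
  try { settings = JSON.parse(jsonText); } catch { return []; }
  const groups = settings && settings.hooks && settings.hooks.SessionStart;
  if (!Array.isArray(groups)) return [];
  const commands = [];
  for (const group of groups) {
    for (const hook of group.hooks || []) {
      if (hook.type === 'command' && typeof hook.command === 'string') commands.push(hook.command);
    }
  }
  return commands; // any command here you did not add yourself deserves a look
}

// 3. systemd user units / launchd agents running a JS runtime or a hidden/temp path
const SUSPICIOUS_CMD = /\b(node|nodejs|bun|npx)\b|\/\.[^\/\s]+\/|\/tmp\/|\/dev\/shm\//;
function analyzeServiceUnit(text) {
  const cmds = [];
  for (const m of text.matchAll(/^ExecStart=(.+)$/gm)) cmds.push(m[1].trim());
  const block = text.match(/<key>ProgramArguments<\/key>\s*<array>([\s\S]*?)<\/array>/);
  if (block) {
    const args = [...block[1].matchAll(/<string>([^<]*)<\/string>/g)].map((m) => m[1]);
    if (args.length) cmds.push(args.join(' '));
  }
  return cmds.filter((c) => SUSPICIOUS_CMD.test(c));
}

// Filesystem glue: scans the project directory plus the current user's home.
async function sweep(projectDir = process.cwd(), homeDir = process.env.HOME || '') {
  const fs = await import('node:fs/promises');
  const { join } = await import('node:path');
  const findings = [];
  const list = async (dir) => { try { return await fs.readdir(dir); } catch { return []; } };
  const read = async (file) => { try { return await fs.readFile(file, 'utf8'); } catch { return ''; } };

  const wfDir = join(projectDir, '.github', 'workflows');
  for (const f of (await list(wfDir)).filter((n) => /\.ya?ml$/.test(n))) {
    for (const r of analyzeWorkflow(await read(join(wfDir, f)))) findings.push({ file: join(wfDir, f), reason: r });
  }
  for (const file of [join(projectDir, '.claude', 'settings.json'), join(homeDir, '.claude', 'settings.json')]) {
    for (const c of analyzeClaudeSettings(await read(file))) findings.push({ file, reason: `SessionStart runs: ${c}` });
  }
  const unitDirs = [
    [join(homeDir, '.config', 'systemd', 'user'), /\.service$/],
    [join(homeDir, 'Library', 'LaunchAgents'), /\.plist$/],
  ];
  for (const [dir, pat] of unitDirs) {
    for (const f of (await list(dir)).filter((n) => pat.test(n))) {
      for (const c of analyzeServiceUnit(await read(join(dir, f)))) findings.push({ file: join(dir, f), reason: `runs: ${c}` });
    }
  }
  // 4. Docker socket reachable: inside a container this is the escape path the article describes
  try { await fs.access('/var/run/docker.sock'); findings.push({ file: '/var/run/docker.sock', reason: 'Docker socket is reachable' }); } catch {}
  return findings;
}

// Usage: node sweep.js --sweep   (run from the project root, as the affected user)
if (process.argv.includes('--sweep')) {
  sweep().then((f) => console.log(JSON.stringify(f, null, 2)));
}
```

The workflow rule is deliberately narrow: `${{ secrets.X }}` next to `upload-artifact` is normal in legitimate pipelines, so it only fires when a secret is redirected into a file or `toJSON(secrets)` appears, which has almost no benign use. The sweep is per-user and reads nothing outside `$HOME` and the project, so it finds what the article describes landing on a developer machine; the system-wide unit directories and other users' homes need a separate pass with the right privileges.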
This is the third major npm supply chain attack this year. At some point we need to stop calling these incidents and start calling them what they are: a systemic failure of package ecosystem security. Too much of the internet depends on unpaid maintainers with under-secured accounts. When one of those accounts gets compromised, millions of projects inherit the vulnerability automatically through dependency resolution.
