Red Hat's npm publishing pipeline was compromised to distribute signed, trusted malicious packages that steal cloud credentials and self-propagate through GitHub repositories, representing one of the most sophisticated supply chain attacks the JavaScript ecosystem has seen.
The malicious package, patch-client@4.0.4, wasn't distributed through the usual attack vectors like typosquatting or stolen tokens. It went out through the project's own GitHub Actions OIDC trusted publisher - meaning Red Hat's actual release pipeline produced it. That's what makes this particularly nasty: all the normal security checks passed because the malware came from a legitimate source.
Here's what the malware does: it runs automatically on npm install, steals cloud credentials from the infected system, and then injects fake CodeQL workflows into any repository the stolen tokens can access. Those fake workflows propagate the malware further. It's a worm, essentially - self-replicating malware for the npm ecosystem.
If you have anything related to @redhat-cloud-services in your dependency tree, you need to check which version you're running. Version 4.0.3 is the last clean version. Anything at 4.0.4 or installed during the compromise window is potentially infected. And if you got infected, you need to rotate any cloud credentials on that system and check your repositories for unauthorized workflow modifications.
What's particularly concerning is that 32 packages share the same publisher, meaning the window of exposure wasn't limited to a single package. The attacker who compromised the pipeline had potential access to push malicious versions of any of them.
This attack represents a new evolution in supply chain security threats. Traditional defenses focus on preventing unauthorized access to publishing systems. But when the authorized pipeline itself is compromised, all those defenses become irrelevant. The malware came with valid signatures, from trusted infrastructure, through legitimate channels.
The npm ecosystem has been dealing with malware for years, but most attacks are relatively unsophisticated - typosquats that rely on developers mistyping package names, or stolen credentials used to push obviously malicious updates. This is different. This is infrastructure-level compromise with worm-like propagation capabilities.
