CI/CD Pipeline Security Under Siege
In April 2026, a supply chain attack on SAP-related npm packages sent shockwaves through the developer community. The breach, dubbed 'mini Shai-Hulud' by researchers, underscores the growing threat to CI/CD pipeline security. Malicious versions of widely used JavaScript development tools were pushed to npm, enabling attackers to harvest sensitive credentials directly from developer environments.
The compromised packages—mbt@1.2.48, @cap-js/db-service@2.10.1, @cap-js/postgres@2.2.2, and @cap-js/sqlite@2.2.2—executed credential-stealing code during installation. This incident is not just a package compromise. It’s a full-scale assault on the modern software delivery chain, where developer workstations become entry points for broader enterprise compromise.
How the Attack Unfolded
The malicious code was published on April 29 and later replaced with clean versions. But not before damage was done. The malware used preinstall hooks to run automatically, encrypting stolen data and exfiltrating it to public GitHub repositories created under victims’ own accounts. This technique masked malicious activity under legitimate user identities.
Researchers from SafeDep, Aikido Security, and Wiz traced the attack to two key vulnerabilities. For the @cap-js packages, attackers exploited a configuration gap in npm’s OIDC trusted publishing setup. The mbt package compromise likely involved a static npm token—indicating poor credential hygiene.
Once inside, attackers didn’t stop at data theft. They used stolen GitHub and npm tokens to inject malicious GitHub Actions workflows and publish poisoned packages, creating a self-propagating cycle of compromise.
Developer Workstations as Attack Vectors
What sets this attack apart is its focus on the developer experience. Attackers targeted not just code, but the tools developers use daily. Malware added persistence through Visual Studio Code and Claude Code configuration files—specifically .vscode/tasks.json and .claude/settings.json.
When an infected repository was opened in VS Code or a Claude Code session started, the malware reactivated. This persistence mechanism turned trusted development environments into silent accomplices.
Varkey described the campaign as "living off the developer," where attackers exploit developer tools, automation, and trust relationships. The goal isn’t just to steal code—it’s to hijack the entire software supply chain from within.
Why CI/CD Pipeline Security Matters for Enterprises
For CISOs, the implications are clear. A single compromised developer identity can bypass traditional security perimeters. Once inside a CI/CD pipeline, attackers can push malicious code to production with minimal oversight.
"The fact that the malware was designed to harvest GitHub and npm tokens, GitHub Actions secrets, and cloud credentials from AWS, Azure, GCP, and Kubernetes in a single pass tells you that attackers now treat the developer workstation as a master key," said Sakshi Grover, senior research manager for IDC Asia Pacific Cybersecurity Services.
Despite the risks, many organizations still treat developer environments as less critical than production systems. This attack proves that assumption wrong. Developer workstations now hold the keys to cloud environments, CI/CD pipelines, and proprietary codebases.
| Attack Component | Target | Impact |
|---|---|---|
| Preinstall hooks | npm packages | Automatic execution during install |
| OIDC misconfiguration | @cap-js packages | Unauthorized publishing rights |
| Static npm token | mbt package | Account takeover |
| VS Code & Claude configs | Developer tools | Persistence and reinfection |
Protecting Remote Developer Security in 2026
For remote developers, especially in the US, this incident highlights urgent risks. With distributed teams relying on cloud-based tools, securing the development environment is no longer optional. Organizations must treat developer workstations with the same rigor as production systems.
Steps to reduce remote developer security risks include:
- Eliminate static tokens in favor of short-lived, scoped credentials
- Enforce strict configuration policies for IDEs and AI coding assistants
- Monitor for unauthorized GitHub repository creation and workflow changes
- Implement zero-trust access controls for CI/CD pipelines
- Regularly audit npm and GitHub integrations
While 46% of enterprises plan to deploy AI for supply chain risk analysis in the next two years, many are still in the planning phase. The mini Shai-Hulud attack highlights the need for immediate defenses, given the real-world risks to CI/CD pipelines.
The mini Shai-Hulud attack underscores how vulnerabilities in the npm ecosystem can directly compromise CI/CD pipeline security. By exploiting a misconfiguration in npm’s OIDC trusted publishing for @cap-js packages, attackers gained the ability to inject malicious code into widely used development tools. Once installed, the poisoned packages harvested credentials and tokens, effectively turning trusted developer workflows into attack vectors. This breach highlights the need for tighter controls around package publishing and consumption, especially for organizations relying on open-source components in their build processes.
The mini Shai-Hulud attack exposed critical weaknesses in CI/CD pipeline security, particularly in how trusted publishing mechanisms are configured and monitored. By exploiting a gap in npm’s OIDC trusted publishing setup for @cap-js packages, attackers were able to inject malicious code into widely used development tools, highlighting how supply chain vulnerabilities can cascade through automated build systems. The compromised packages—mbt@1.2.48, @cap-js/db-service@2.10.1, and others—ran installation scripts that silently exfiltrated credentials and tokens, directly threatening CI/CD environments. With stolen tokens, attackers then published further malicious updates and modified GitHub Actions workflows, demonstrating how a single breach can amplify across interconnected systems. This incident underscores the importance of verifying not just code integrity but also the security controls governing package publishing and deployment pipelines.
