Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service)
Description
Impact
On April 29, 2026, compromised versions of @cap-js/sqlite@2.2.2, @cap-js/postgres@2.2.2, and @cap-js/db-service@2.10.1 were published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all credentials accessible on that machine (npm tokens, cloud provider credentials, SSH keys, GitHub PATs) should be considered compromised.
Patches
Upgrade to @cap-js/sqlite >= 2.4.0, @cap-js/postgres >= 2.3.0, @cap-js/db-service >= 2.11.0. If a compromised version was ever installed, rotate all affected credentials.
Workarounds
No workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Malicious versions of SAP CAP npm packages steal credentials and self-propagate; all credentials on an infected machine are compromised.
Vulnerability
On April 29, 2026, compromised versions of @cap-js/sqlite@2.2.2, @cap-js/postgres@2.2.2, and @cap-js/db-service@2.10.1 were published to npm [1][2]. These packages are core components of SAP's Cloud Application Programming (CAP) model development toolchain. The malicious code is delivered via a preinstall hook that bootstraps the Bun JavaScript runtime and executes an obfuscated credential stealer [1].
Exploitation
An attacker needs no special privileges beyond the ability to publish compromised packages to npm, which they obtained by stealing an npm token from a previous infection [1]. Once a developer or CI pipeline installs a compromised package, the malware harvests credentials and attempts self-propagation by using the stolen npm token to publish malicious versions to other packages that token can access [1]. The payload also persists by writing .claude/settings.json and .vscode/tasks.json files that trigger re-execution when the repository is opened in AI coding tools or Visual Studio Code [1].
Impact
All credentials accessible on the infected machine are exfiltrated, including npm tokens, cloud provider credentials, SSH keys, and GitHub personal access tokens [1][2]. Stolen credentials are used to create public GitHub repositories branded “A Mini Shai-Hulud has Appeared,” and the worm propagates to other packages the victim's token can reach [1]. This supply chain attack compromises developer machines and potentially affects downstream users of the CAP toolchain.
Mitigation
Upgrade to @cap-js/sqlite >= 2.4.0, @cap-js/postgres >= 2.3.0, and @cap-js/db-service >= 2.11.0 immediately [2]. If a compromised version was ever installed, rotate all credentials (npm tokens, cloud provider credentials, SSH keys, GitHub PATs) that were accessible on that machine [1][2]. No workarounds are available [2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 2.10.1 (@cap-js/db-service)
- Range: = 2.2.2 (@cap-js/sqlite, @cap-js/postgres)