Large-Scale Supply Chain Attack Targets npm Packages via binding.gyp
Severity: High (Score: 66.0)
Sources: Cybersecuritynews, Gbhackers
Keywords: supply, chain, attack, packages, across, binding, dozens
Severity indicators: supply chain attack, supply chain
Summary
On June 3, 2026, a supply chain attack compromised at least 57 npm packages, with more than 286 malicious versions published. Rather than hiding in package.json lifecycle scripts, the attacker weaponized the binding.gyp build configuration file, so the malicious code ran as soon as a consumer ran 'npm install', through the native build step that most install-time monitoring does not watch. The campaign was a self-replicating worm that began around 23:30 UTC with the compromise of @vapi-ai/server-sdk, a widely used voice AI SDK, and spread quickly to further packages. The full scope of the impact is still being assessed; security teams are urged to review the npm packages they depend on for compromised versions.
Key Points:
- 57 npm packages compromised, with more than 286 malicious versions identified.
- The malicious code ran from binding.gyp during 'npm install', not from package.json scripts.
- The campaign began on June 3, 2026 and included widely used packages such as @vapi-ai/server-sdk.
Detailed Analysis
**Impact**
At least 57 npm packages were compromised, and more than 286 malicious versions were published within two hours on June 3, 2026. The attack involved multiple maintainer accounts and reached widely used packages, including @vapi-ai/server-sdk, which has over 408,000 monthly downloads. Any developer or organization that installed an affected version during the attack window may have executed the payload, so the exposure is global and extends to every downstream build that pulled a compromised version.

**Technical Details**
The attacker placed the malicious code in the binding.gyp build configuration file rather than in package.json lifecycle scripts, which is where most install-time monitoring looks. The general mechanism is documented npm behaviour: a package that ships a binding.gyp and declares no install or preinstall script is built by npm with 'node-gyp rebuild' by default, and node-gyp's configure step evaluates the GYP file, whose '<!(command)' expansions run shell commands. The source reports do not state which GYP construct the attacker used. The campaign operated as a self-replicating worm, propagating across the npm registry from approximately 23:30 UTC on June 3, 2026. No CVEs or malware family names were given in the available reports. Indicators of compromise are the altered binding.gyp files and the affected package versions.

**Recommended Response**
Audit installed npm packages for binding.gyp files that were added or changed in versions published during the attack window, and pin or revert to known clean versions. Extend install-time monitoring beyond package.json scripts to the native build path: binding.gyp contents, node-gyp invocations, and child processes spawned during 'npm install'. Installing with '--ignore-scripts' suppresses lifecycle scripts, including the default node-gyp rebuild, at the cost of native addons not being built. Block or flag versions published during the attack window and review maintainer account security (for example, MFA and publish token scope) to limit further account takeover. No patches or CVEs apply; focus on detection and containment.
Source articles (2)
- Supply Chain Attack Hits Dozens of npm Packages via binding.gyp — Gbhackers · 2026-06-04
  A large-scale npm supply chain attack has compromised at least 57 packages across more than 286 malicious versions in a rapid, coordinated campaign that unfolded in under two hours on June 3, 2026. Th…
- binding.gyp Supply Chain Attack Compromises Dozens of npm Packages Across Maintainer Accounts — Cybersecuritynews · 2026-06-04
  A self-replicating worm has been quietly spreading across the npm registry using a method most security teams do not watch for. Instead of hiding inside package.json scripts, the attacker weaponized a…
Timeline
- 2026-06-03 — Supply chain attack initiated: The attack started at approximately 23:30 UTC, compromising the @vapi-ai/server-sdk.
- 2026-06-03 — Malicious versions identified: Over 286 malicious versions were found across at least 57 npm packages within hours.
- 2026-06-04 — Attack reported widely: Cybersecurity news outlets reported on the extensive supply chain attack affecting npm packages.
Related entities
- Supply Chain Attack (Attack Type)
- Worm (Attack Type)
- vapi.ai (Domain)
- T1195 - Supply Chain Compromise (Mitre Attack)
- binding.gyp (File, abused as the execution vector)
- Npm (Tool)