Embedded Malicious Code in tinycolor and ngx-bootstrap releases on npm

This is an ongoing incident and updates will be provided as more information is confirmed.

Update (Sep 16, 2025)

The Snyk security team is aware of this ongoing supply chain attack and is actively investigating, analyzing, and curating threats and risks resulting from this extended npm compromised packages attack. We recommend you refer to the Snyk product findings as an up-to-date resource.

TL;DR (Sep 15, 2025)

On September 15, 2025, multiple malicious versions of the ngx-bootstrap and ng2-file-upload npm packages were published and then quickly pulled. Those releases embedded a postinstall script (bundle.js) that attempted to harvest developer tokens (e.g., npm, GitHub, cloud credentials) and exfiltrate secrets. Treat any system that installed these versions as fully compromised: remove the package, rotate all secrets from a separate, trusted machine, and investigate for lateral movement. GitHub has posted a malware advisory for ngx-bootstrap and ng2-file-upload; no patched version exists for the tampered builds because they were removed.

Since the initial ngx-bootstrap findings, malware signals have also extended to the @ctrl/tinycolor npm package downloaded at more than 2 million times a week and compromising more npm packages under the @ctrl, and @nativescript-community namespaces and other individual packages.

What is ngx-bootstrap and why this matters

ngx-bootstrap is a popular Angular component library that wraps Bootstrap UI components for Angular apps. It’s widely used in front-end projects, CI builds, and developer workstations, meaning a malicious install script can run during routine npm install, with access to developer machines and local credentials. The official repo is maintained by Valor Software.

What we know so far

Affected packages are likely 100s

The attack has further advanced to compromise other packages beyond ngx-bootstrap and @ctrl/tinycolor and includes more organization namespaces such as packages belonging to the cybersecurity company Crowdstrike under the npm package namespace @crowdstrike and others.

The following is not meant to be an exhaustive list but rather a reference. We always advise you to refer to the Snyk product, scan results, and reporting for an up-to-date and comprehensive list of all malicious packages and versions.

Broader affected packages include:

@ctrl/deluge                                     =7.2.1,=7.2.2
@ctrl/magnet-link                                =4.0.3,=4.0.4
@nativescript-community/ui-material-bottomsheet  =7.2.72
@nativescript-community/ui-pulltorefresh         =2.5.4,=2.5.5,=2.5.6,=2.5.7
@nativescript-community/sqlite                   =3.5.2,=3.5.3,=3.5.4,=3.5.5
@nativescript-community/ui-material-tabs         =7.2.72,=7.2.73,=7.2.74,=7.2.75
ngx-trend                                        =8.0.1
react-jsonschema-form-conditionals               =0.3.21
rxnt-healthchecks-nestjs                         =1.0.5
@crowdstrike/commitlint                          =8.1.1,=8.1.2
@crowdstrike/foundry-js                          =0.19.1,=0.19.2
@crowdstrike/logscale-file-editor                =1.205.1,=1.205.2
@crowdstrike/logscale-search                     =1.205.1,=1.205.2
@nativescript-community/perms                    =3.0.5,=3.0.6,=3.0.7,=3.0.8,=3.0.9
encounter-playground                             =0.0.5
json-rules-engine-simplified                     =0.2.4
koa2-swagger-ui                                  =5.11.1,=5.11.2
@nativescript-community/sentry                   =4.6.43
@nativescript-community/ui-collectionview        =6.0.6
@nativescript-community/text                     =1.6.9,=1.6.10,=1.6.11,=1.6.12,=1.6.13
@nativescript-community/arraybuffers             =1.1.6,=1.1.7,=1.1.8
@nativescript-community/ui-pager                 =14.1.35,=14.1.36,=14.1.37,=14.1.38
@nativescript-community/ui-drawer                =0.1.30
@nativescript-community/typeorm                  =0.2.30,=0.2.31,=0.2.32,=0.2.33
@nativescript-community/ui-image                 =4.5.6
@nativescript-community/ui-material-core         =7.2.72,=7.2.73,=7.2.74,=7.2.75,=7.2.76
@nativescript-community/ui-material-core-tabs    =7.2.72,=7.2.73,=7.2.74,=7.2.75,=7.2.76
ngx-color                                        =10.0.1,=10.0.2
ngx-toastr                                       =19.0.1,=19.0.2
react-complaint-image                            =0.0.35
react-jsonschema-form-extras                     =1.0.4
rxnt-authentication                              =0.0.6
rxnt-kue                                         =1.0.7
swc-plugin-component-annotate                    =1.9.1,=1.9.2
ts-gaussian                                      =3.0.5,=3.0.6
@crowdstrike/falcon-shoelace                     =0.4.1,=0.4.2
@crowdstrike/glide-core                          =0.34.2,=0.34.3
@crowdstrike/logscale-dashboard                  =1.205.1,=1.205.2
@crowdstrike/logscale-parser-edit                =1.205.1,=1.205.2
@crowdstrike/tailwind-toucan-base                =5.0.1,=5.0.2
@ctrl/torrent-file     =4.1.1,=4.1.2
@ctrl/transmission     =7.3.1
@ctrl/ngx-emoji-mart   =9.2.1,=9.2.2
@ctrl/qbittorrent      =9.7.1,=9.7.2
@ctrl/ts-base32        =4.0.1,=4.0.2
@ctrl/ngx-codemirror   =7.0.1,=7.0.2
@ctrl/shared-torrent   =6.3.1,=6.3.2
@ctrl/ngx-rightclick   =4.0.1,=4.0.2
@ctrl/golang-template  =1.4.2,=1.4.3

Affected ngx-bootstrap package and versions

Community reports documented that the following ngx-bootstrap versions contained the malicious postinstall hook invoking bundle.js:

• 20.0.4, 20.0.5, 20.0.6

• 19.0.3

• 18.1.4

Additionally, 20.0.3 reportedly contained bundle.js but without a postinstall declaration. The same report notes the affected versions were removed from npm shortly after discovery.

Note: At the time of writing, the npm package page shows only current, non-impacted versions; the malicious ones were unpublished.

Community reports also flagged ng2-file-upload as “looking affected,” but details are thinner; keep an eye on dependency trees that include Valor Software packages and validate installed versions.

Timeline (UTC)

• 2025-09-15 — Community report opens on valor-software/ngx-bootstrap identifying malicious postinstall/bundle.js in new versions; notes token exfiltration attempts and that affected versions were pulled from npm.

• 2025-09-15 — GitHub Advisory Database posts GHSA-6m4g-vm7c-f8w6 for ngx-bootstrap (“Malware”), with guidance to treat installing hosts as compromised.

(We will update as new, verifiable facts emerge from maintainers/registries.)

Impact assessment

• Who’s affected? Developers, CI agents, and endpoints that installed one of the listed versions, or pulled them via transitive deps during the window they were available.

• What could be exposed? Developer environment secrets and tokens (npm, GitHub), and potentially cloud credentials (AWS/GCP/etc.) based on the behavior described in bundle.js.

• Additionally, an indicator of compromise (IoC) is attributed to a new GitHub Actions workflow named shai-hulud, created by the malware.

• Severity: Critical (malicious code execution at install time; credential theft/exfiltration). GitHub’s advisory explicitly instructs a full compromise response.

How to detect 0-day npm malware with Snyk?

Snyk features a Zero-Day report as part of the dashboard in the Snyk app. If you're on an Enterprise plan, you can use this view to filter the report and select the relevant zero-day for this npm malware attack or specific CVEs you wish to track and gain a system-wide view of the impact for this tinycolor / ngx-bootstrap or other dependencies across your applications and monitored code repositories.

Detection & triage playbook

1. Identify exposure quickly

   • Check whether your environment pulled impacted versions:

     • npm ls ngx-bootstrap (per project)

     • Review lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock) for ngx-bootstrap@18.1.4, 19.0.3, 20.0.4–20.0.6, and note any installs performed on/after 2025-09-15.

   • Inspect node_modules/ngx-bootstrap/package.json for a postinstall entry, and look for a bundle.js file in the package root if you maintain vendor archives/caches

2. Halt script execution during incident response

   • Reinstall with scripts disabled to prevent any remaining lifecycle hooks from running:

     • npm ci --ignore-scripts or npm install --ignore-scripts

     • You can also set ignore-scripts=true in .npmrc

3. Forensic checks

   • Review outbound connections from build agents/developer hosts at install time windows.

   • Audit GitHub (access token lists, recent security logs), npm tokens, and cloud provider credential usage for anomalies. Audit GitHub Actions.

   • Treat any host that ran an impacted version install as compromised per GitHub Advisory guidance.

Immediate containment & remediation

1. Remove impacted versions

   • Delete node_modules and lockfiles referencing malicious versions; reinstall pinned, known-good versions.

   • Clear any private registries/caches/artifacts that might still hold the bad tarballs.

2. Rotate secrets from a clean machine

   • GitHub: revoke personal access tokens/SSH keys; rotate fine-grained tokens; review OAuth app/device authorizations.

   • npm: revoke registry tokens.

   • Clouds (AWS/GCP/etc.): rotate access keys/service account keys and invalidate any long-lived credentials.

3. Rebuild/redeploy

   • After rotation, rebuild from clean environments with lifecycle scripts disabled initially, then re-enable as needed.

4. User/tenant communications

   • If you distribute software built during the window, notify downstreams and advise upgrades/rebuilds.

On supply chain security attacks

This comes along with a few other recent security incidents of this nature. We’ve seen CI and maintainer-account attacks allowing release hijacks before:

• The ESLint/Prettier maintainers compromise (July 2025): Phishing + typosquatting (npnjs.com) harvested npm credentials and pushed malware to popular packages, another reminder to harden maintainer accounts with 2FA. 

• Weaponizing AI Coding Agents for Malware in the Nx Malicious Package Security Incident (August 2025)

• npm Supply Chain Attack via Open Source maintainer compromise (September 2025)