AsyncAPI npm packages were briefly poisoned in a July 14 supply-chain attack that used the project’s own GitHub Actions release path to publish malicious packages with valid registry provenance. The strongest takeaway for developers is uncomfortable but useful: a package can look properly built by trusted publishing and still be unsafe if the source branch or CI identity was compromised before publication.[1]
Chainguard, Socket, StepSecurity, SafeDep, and other researchers tracked five malicious versions across four packages: @asyncapi/[email protected], @asyncapi/[email protected], @asyncapi/[email protected], and @asyncapi/[email protected] plus 6.11.2. They were published between roughly 07:10 and 08:30 UTC on July 14, 2026, and the clean versions later visible from npm were @asyncapi/[email protected], @asyncapi/[email protected], @asyncapi/[email protected] or the earlier clean branch, and @asyncapi/[email protected] depending on the package path checked.[1][2]
The compromise matters because AsyncAPI tooling sits in developer and CI workflows, not only production applications. It follows the same broad risk pattern as the recent jscrambler npm compromise, the Red Hat npm Miasma incident, and the TeamPCP developer-tool supply-chain attacks: a trusted package can become a credential-theft bridge into build systems, source-control accounts, cloud environments, and maintainers’ local machines.
What developers should check now
The malicious AsyncAPI code did not rely on a classic preinstall or postinstall hook. Socket and Chainguard both describe a require-time payload: the first-stage JavaScript runs when the infected module is imported or loaded by Node.js, then starts a detached background process and pulls a larger sync.js payload from IPFS.[1][2] That means an install alone is not the whole exposure question. A build, test, generator run, or CI job that actually loaded the module during the exposure window deserves a higher-severity review.
Teams should first search package locks and dependency snapshots for the exact package-version pairs above. If any affected version appears in package-lock.json, pnpm-lock.yaml, yarn.lock, software-bill-of-material exports, cache artifacts, or CI logs from July 14, treat that environment as potentially compromised until proven otherwise. Current npm metadata reviewed during this run no longer showed the poisoned @asyncapi/[email protected] or @asyncapi/[email protected] versions in the normal version list, which is good for fresh installs but does not clean old lockfiles or cached build layers.
Researchers observed the second stage being saved as sync.js under platform-specific NodeJS-looking paths such as ~/.local/share/NodeJS/sync.js on Linux, ~/Library/Application Support/NodeJS/sync.js on macOS, and %LOCALAPPDATA%NodeJSsync.js on Windows.[1][2] Reported network indicators include payload delivery through IPFS and attacker infrastructure at 85.137.53.71 on ports such as 8080 and 8081.[1][3] These indicators should be hunted in developer workstations, CI runners, container build hosts, and any machine that imported AsyncAPI packages while the malicious releases were live.
The response order should be practical. Pin or update away from the malicious versions, remove suspicious sync.js artifacts and orphaned Node processes, then rotate secrets that could have been reachable from the affected host: npm tokens, GitHub tokens and GitHub CLI credentials, SSH keys, cloud credentials, CI variables, and browser-stored passwords. If the package ran in CI, rotate repository and organization secrets used by that workflow, not just the developer account that noticed the alert.
StepSecurity’s analysis is also a reminder not to overtrust provenance labels. The malicious AsyncAPI packages were reportedly published by legitimate GitHub Actions workflows through npm trusted publishing; the attacker abused push access and release automation rather than stealing an npm token directly.[3] Provenance can prove which workflow built a package, but it cannot prove that the branch, workflow trigger, or credentials feeding that workflow were still trustworthy.
References
- Chainguard, “AsyncAPI supply chain compromise: npm packages backdoored via GitHub Actions ‘pwn request’,” July 14, 2026.
- Socket Research Team, “Compromised npm Packages in the AsyncAPI Namespace Deliver Miasma Botnet Loader,” July 14, 2026.
- StepSecurity, “Coordinated AsyncAPI Supply Chain Attack: Miasma RAT Delivered via Compromised CI/CD Pipelines in Two Repositories,” July 14, 2026.
- The Hacker News, “Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware,” July 15, 2026.
Leave a Comment