Node-gyp Supply Chain Compromise - June 2026

Malicious npm packages abusing binding.gyp and node-gyp for install-time execution


Incident Intelligence

FikreSekhel Research is tracking this campaign as a software supply chain compromise involving install-time execution paths.

Supply Chain Compromise

This incident affected multiple npm packages published with malicious install-time behavior using binding.gyp and node-gyp. Unlike common npm malware that relies on preinstall or postinstall scripts, this campaign used native build configuration behavior as the execution path.

Severity: Critical
Status: Tracking
Ecosystem: JavaScript
Affected packages: 57
Primitive: binding.gyp / node-gyp
Attack surface: npm install and CI/CD build pipeline
Trust boundary: Developer or CI runner to package build process
Published: 2026-06-04

Attack Path

Compromised package -> npm install -> binding.gyp / node-gyp -> Install-time execution -> Credential exposure -> CI/CD compromise

Technical Context

The incident demonstrates that binding.gyp and node-gyp should be treated as build-time execution primitives. A package can trigger node-gyp during npm install, creating an execution surface before application runtime.

Observed Behavior

Reported behavior includes credential harvesting, GitHub Actions workflow injection, credential exfiltration and further supply chain propagation through malicious package publishing activity.

Security Implication

Developer workstations, CI/CD runners and build servers may be exposed if affected packages were installed in environments containing npm tokens, GitHub tokens, cloud credentials or workflow secrets.

Recommended Actions

Remove affected package versions, rotate exposed credentials, inspect GitHub Actions workflows, clear dependency caches, rebuild affected environments and monitor package publishing activity.

| Severity | Package | Classification | Affected versions | CWE | Exploit maturity | Remediation |
|---|---|---|---|---|---|---|
| Critical | ai-sdk-ollama | Embedded Malicious Code | 0.13.1, 1.1.1, 2.2.1, 3.8.5 | CWE-506 | Attacked | Avoid affected versions, rotate credentials and review CI/CD installation history. |
| Critical | @evolvconsulting/evolv-coder-lite | Embedded Malicious Code | 1.2.0 | CWE-506 | Attacked | Remove affected version, rotate credentials and inspect build logs. |
| Critical | autotel-audit | Embedded Malicious Code | 0.1.15 | CWE-506 | Attacked | Avoid affected version and rebuild affected environments. |
| Critical | autotel-backends | Embedded Malicious Code | 2.12.26 | CWE-506 | Attacked | Remove affected version and rotate exposed credentials. |
| Critical | autotel-drizzle | Embedded Malicious Code | 0.0.27 | CWE-506 | Attacked | Avoid affected version and review dependency usage. |
| Critical | eslint-plugin-executable-stories-jest | Embedded Malicious Code | 1.2.1, 2.1.8 | CWE-506 | Attacked | Remove affected versions and inspect CI/CD execution history. |
| Critical | @jagreehal/workflow | Embedded Malicious Code | 1.16.1 | CWE-506 | Attacked | Avoid affected version and rotate tokens. |
| Critical | @vapi-ai/server-sdk | Embedded Malicious Code | 0.11.1, 0.11.2, 1.2.1, 1.2.2 | CWE-506 | Attacked | Remove affected versions and audit CI/CD environments. |
| Critical | autotel | Embedded Malicious Code | 2.26.4, 3.4.3 | CWE-506 | Attacked | Avoid affected versions, rebuild affected environments and rotate secrets. |
| Critical | autotel-adapters | Embedded Malicious Code | 0.3.5 | CWE-506 | Attacked | Remove affected version and review installation logs. |
| Critical | autotel-aws | Embedded Malicious Code | 0.13.10 | CWE-506 | Attacked | Avoid affected version and rotate cloud credentials if exposure is suspected. |
| Critical | autotel-cli | Embedded Malicious Code | 0.8.14 | CWE-506 | Attacked | Remove affected version and inspect developer workstation exposure. |
| Critical | autotel-cloudflare | Embedded Malicious Code | 2.18.16 | CWE-506 | Attacked | Avoid affected version and rotate relevant service credentials if exposed. |
| Critical | autotel-devtools | Embedded Malicious Code | 0.1.1, 1.0.4, 2.1.1, 3.0.2, 4.0.1, 5.1.1, 6.1.2 | CWE-506 | Attacked | Remove affected versions and audit developer environments. |
| Critical | autotel-edge | Embedded Malicious Code | 3.16.13 | CWE-506 | Attacked | Remove affected version and review deployment history. |
| Critical | autotel-eventcatalog | Embedded Malicious Code | 1.0.1, 2.0.1, 3.0.1, 4.0.2, 5.0.1 | CWE-506 | Attacked | Avoid affected versions and inspect CI/CD logs. |
| Critical | autotel-hono | Embedded Malicious Code | 0.4.26 | CWE-506 | Attacked | Remove affected version and rotate exposed credentials. |
| Critical | autotel-mcp | Embedded Malicious Code | 0.1.14, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 13.0.1, 14.0.1, 15.0.2, 16.0.1, 17.0.2, 18.0.1, 19.0.1, 20.0.1, 21.1.1, 22.0.1, 23.0.1, 24.0.1, 25.0.1, 26.0.2, 27.0.1, 28.0.3, 29.0.1 | CWE-506 | Attacked | Remove affected versions and audit CI/CD environments where this package may have been installed. |
| Critical | autotel-mcp-instrumentation | Embedded Malicious Code | 29.0.2, 30.0.5, 31.0.1, 32.0.1, 33.0.2, 34.0.1 | CWE-506 | Attacked | Avoid affected versions and inspect build systems. |
| Critical | autotel-mongoose | Embedded Malicious Code | 0.0.3, 1.0.2, 2.0.5, 3.0.1, 4.0.1, 5.0.2, 6.0.1 | CWE-506 | Attacked | Remove affected versions and review dependency lockfiles. |
| Critical | autotel-pact | Embedded Malicious Code | 0.2.2, 1.0.3 | CWE-506 | Attacked | Avoid affected versions and rotate potentially exposed tokens. |
| Critical | autotel-playwright | Embedded Malicious Code | 0.4.32 | CWE-506 | Attacked | Remove affected version and inspect CI runner activity. |
| Critical | autotel-plugins | Embedded Malicious Code | 0.19.26 | CWE-506 | Attacked | Avoid affected version and review package installation logs. |
| Critical | autotel-sentry | Embedded Malicious Code | 0.5.13 | CWE-506 | Attacked | Remove affected version and rotate exposed secrets. |
| Critical | autotel-subscribers | Embedded Malicious Code | 4.1.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.1.1, 15.0.1, 16.0.2, 17.0.1, 18.0.3, 19.0.1, 20.0.1, 21.0.1, 22.0.2, 23.0.2, 24.0.1, 25.0.1, 26.0.1, 27.0.2, 28.0.2, 29.0.6 | CWE-506 | Attacked | Remove affected versions and inspect dependency installation history. |
| Critical | autotel-tanstack | Embedded Malicious Code | 1.13.27 | CWE-506 | Attacked | Avoid affected version and rotate credentials if installed. |
| Critical | autotel-terminal | Embedded Malicious Code | 2.1.1, 3.0.1, 4.0.2, 5.0.1, 6.0.3, 7.0.1, 8.0.1, 9.0.1, 10.0.2, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.2, 16.0.2, 17.0.10, 18.0.4, 19.0.8, 20.0.2, 21.0.1, 22.0.2, 23.0.3 | CWE-506 | Attacked | Remove affected versions and inspect developer or CI environments. |
| Critical | autotel-vitest | Embedded Malicious Code | 0.4.26 | CWE-506 | Attacked | Avoid affected version and review package installation history. |
| Critical | autotel-web | Embedded Malicious Code | 1.12.2 | CWE-506 | Attacked | Remove affected version and rotate exposed credentials. |
| Critical | awaitly | Embedded Malicious Code | 1.33.3 | CWE-506 | Attacked | Avoid the affected version, rotate exposed credentials and inspect installation logs. |
| Critical | awaitly-analyze | Embedded Malicious Code | 0.24.2, 1.1.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1 | CWE-506 | Attacked | Remove affected versions, rotate credentials and inspect CI/CD installation history. |
| Critical | awaitly-libsql | Embedded Malicious Code | 0.1.1, 1.0.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.1.1, 19.0.1, 20.0.1, 21.0.1, 22.0.1 | CWE-506 | Attacked | Avoid affected versions, rebuild affected environments and rotate exposed secrets. |
| Critical | awaitly-mongo | Embedded Malicious Code | 0.1.1, 1.0.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.1.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.0.1, 19.1.1, 20.0.1, 21.0.1, 22.0.1, 23.0.1 | CWE-506 | Attacked | Remove affected versions and review dependency lockfiles. |
| Critical | awaitly-postgres | Embedded Malicious Code | 0.1.1, 1.0.1, 2.0.1, 3.0.2, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.0.1, 19.1.1, 20.0.1, 21.0.1, 22.0.1, 23.0.1 | CWE-506 | Attacked | Avoid affected versions and inspect database-related build environments for exposed secrets. |
| Critical | awaitly-visualizer | Embedded Malicious Code | 1.0.1, 2.0.2, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.1.1, 19.0.1, 20.0.2, 21.0.1, 22.0.2 | CWE-506 | Attacked | Remove affected versions and audit developer or CI environments. |
| Critical | effect-analyzer | Embedded Malicious Code | 0.3.1 | CWE-506 | Attacked | Avoid affected version and inspect package installation logs. |
| Critical | eslint-plugin-awaitly | Embedded Malicious Code | 0.17.1, 1.0.1 | CWE-506 | Attacked | Remove affected versions and review CI linting environments. |
| Critical | eslint-plugin-executable-stories-playwright | Embedded Malicious Code | 1.2.1, 2.1.8 | CWE-506 | Attacked | Remove affected versions and inspect CI/CD execution history. |
| Critical | eslint-plugin-executable-stories-vitest | Embedded Malicious Code | 1.2.1, 2.1.8 | CWE-506 | Attacked | Avoid affected versions and inspect CI/CD logs. |
| Critical | executable-stories-cypress | Embedded Malicious Code | 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.2 | CWE-506 | Attacked | Remove affected versions and inspect test automation runners. |
| Critical | executable-stories-demo | Embedded Malicious Code | 0.1.11 | CWE-506 | Attacked | Avoid affected version and review installation history. |
| Critical | executable-stories-formatters | Embedded Malicious Code | 0.11.2 | CWE-506 | Attacked | Remove affected version and rotate credentials if installed. |
| Critical | executable-stories-init | Embedded Malicious Code | 0.1.2 | CWE-506 | Attacked | Avoid affected version and inspect project initialization environments. |
| Critical | executable-stories-jest | Embedded Malicious Code | 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.2 | CWE-506 | Attacked | Remove affected versions and inspect test runners and CI execution history. |
| Critical | executable-stories-mcp | Embedded Malicious Code | 0.3.3 | CWE-506 | Attacked | Avoid affected version and audit environments where installed. |
| Critical | executable-stories-playwright | Embedded Malicious Code | 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.4.3 | CWE-506 | Attacked | Remove affected versions and inspect browser automation CI runners. |
| Critical | executable-stories-react | Embedded Malicious Code | 0.1.7 | CWE-506 | Attacked | Avoid affected version and review frontend build environments. |
| Critical | executable-stories-vitest | Embedded Malicious Code | 2.0.1, 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.3 | CWE-506 | Attacked | Remove affected versions and inspect Vitest CI execution environments. |
| Critical | http-uploader-dev | Embedded Malicious Code | 1.0.7 | CWE-506 | Attacked | Avoid affected version and review upload or deployment-related environments. |
| Critical | mountly | Embedded Malicious Code | 0.2.2 | CWE-506 | Attacked | Remove affected version and audit local developer workstations. |
| Critical | mountly-tailwind | Embedded Malicious Code | 0.1.3 | CWE-506 | Attacked | Avoid affected version and inspect frontend build environments. |
| Critical | node-env-resolver | Embedded Malicious Code | 6.5.1 | CWE-506 | Attacked | Remove affected version and rotate environment-related secrets if exposure is suspected. |
| Critical | node-env-resolver-aws | Embedded Malicious Code | 9.1.2, 10.0.1, 11.0.1, 12.0.1 | CWE-506 | Attacked | Remove affected versions and rotate AWS credentials if installed in exposed environments. |
| Critical | node-env-resolver-dotenvx | Embedded Malicious Code | 1.0.1, 2.0.1 | CWE-506 | Attacked | Avoid affected versions and inspect .env or secret-management workflows. |
| Critical | node-env-resolver-nextjs | Embedded Malicious Code | 7.4.2 | CWE-506 | Attacked | Remove affected version and review Next.js build environments. |
| Critical | node-env-resolver-vite | Embedded Malicious Code | 2.4.2 | CWE-506 | Attacked | Remove affected version and review Vite build environments. |
| Critical | wrangler-deploy | Embedded Malicious Code | 1.5.5 | CWE-506 | Attacked | Avoid affected version and inspect deployment credentials and CI/CD usage. |
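
One way to act on the first recommended action and on the lockfile reviews listed in the table, as an added example that is not part of the original advisory: a Node.js check of a parsed package-lock.json (lockfile version 1, 2 or 3) against affected versions. `AFFECTED` holds only four rows copied from the table above, and `SAMPLE_LOCK` and the function names are constructed for illustration.

```javascript
// Added example. AFFECTED is a four-row subset copied from this advisory's
// table; load the remaining rows before relying on a clean result.
const AFFECTED = {
  'autotel': ['2.26.4', '3.4.3'],
  '@vapi-ai/server-sdk': ['0.11.1', '0.11.2', '1.2.1', '1.2.2'],
  'node-env-resolver': ['6.5.1'],
  'wrangler-deploy': ['1.5.5'],
};

// Lockfile v2/v3: flat "packages" map keyed by install path, for example
// "node_modules/a/node_modules/@scope/b". Aliased installs carry "name".
function* entriesV2(lock) {
  for (const [key, meta] of Object.entries(lock.packages)) {
    const i = key.lastIndexOf('node_modules/');
    if (i < 0 && !meta.name) continue; // entry outside node_modules with no name
    yield { name: meta.name || key.slice(i + 13), version: meta.version, path: key };
  }
}

// Lockfile v1: nested "dependencies" tree keyed by package name.
function* entriesV1(deps = {}, prefix = '') {
  for (const [name, meta] of Object.entries(deps)) {
    const path = `${prefix}node_modules/${name}`;
    yield { name, version: meta.version, path };
    yield* entriesV1(meta.dependencies, `${path}/`);
  }
}

// Return every locked entry whose exact version is listed as affected.
function findAffected(lock, affected = AFFECTED) {
  const entries = lock.packages ? entriesV2(lock) : entriesV1(lock.dependencies);
  return [...entries].filter((e) =>
    Object.hasOwn(affected, e.name) && affected[e.name].includes(e.version));
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/autotel': { version: '3.4.3' },
    'node_modules/autotel/node_modules/node-env-resolver': { version: '6.5.0' },
    'node_modules/@vapi-ai/server-sdk': { version: '0.11.2' },
  },
};

console.log(findAffected(SAMPLE_LOCK).map((h) => `${h.name}@${h.version} (${h.path})`));
```

A match means the affected version was resolved for that project; whether it was actually installed on a given workstation or runner still has to be confirmed from installation and CI logs.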