Cybersecurity researchers have identified a malicious npm package named @acitons/artifact designed to impersonate GitHub’s legitimate @actions/artifact library. The campaign aimed to compromise GitHub-owned repositories by stealing authentication tokens and publishing fake builds.
According to an analysis by Veracode, the threat actor intended for the package’s malicious script to execute during repository build processes, exfiltrating tokens available in the build environment. Those tokens could then be used to publish malicious artifacts under GitHub’s name, potentially compromising trusted software supply chains.
Malicious Versions and Distribution
Researchers observed six infected versions of the package — 4.0.12 through 4.0.17 — each containing a post-install hook that downloaded and executed malware. The legitimate release currently available on npm is version 4.0.10, implying that the attacker, using the alias blakesdev, removed the compromised versions after discovery.
The rogue package first appeared on 29 October 2025 and has since logged over 47,000 total downloads, with 31,398 weekly downloads at its peak. Veracode also detected a related npm package named 8jfiesaf83, which demonstrated similar functionality and achieved roughly 1,000 downloads before its removal.
Payload Analysis
Examination of one infected version revealed that its post-install script attempted to download a binary called harness from a now-deleted GitHub account. This binary was an obfuscated shell script engineered to terminate automatically if executed after 6 November 2025 UTC, an unusual self-destruct control indicating time-limited targeting.
The payload also ran a JavaScript component named verify.js, which checked for specific GITHUB_ environment variables typically present in GitHub Actions workflows. Collected data was exfiltrated in encrypted form to a text file hosted on the app.github.dev subdomain.
“The malware was only targeting repositories owned by the GitHub organisation, making this a highly targeted supply-chain attack,” Veracode said in its advisory.
Scope and Attribution
Veracode’s investigation linked the campaign to activity focused on GitHub’s own repositories, as well as a user account named y8793hfiuashfjksdhfjsk. Although the account exists, it shows no public activity and may have been created for testing or staging purposes during the attack.
The deliberate typosquatting of a widely trusted GitHub package underscores the continuing risks within open-source ecosystems. Threat actors are exploiting developer trust and automation pipelines to inject malicious code directly into supply chains, potentially compromising thousands of dependent projects.
Mitigation and Recommendations
- Verify npm package names carefully before installation to avoid typosquatted dependencies.
- Monitor for unexpected build behaviour, especially post-install hooks or outbound network calls.
- Use integrity verification tools and private registries to control dependency sources.
- Review CI/CD pipelines to ensure tokens and environment secrets are restricted.
The incident serves as a reminder that software supply-chain attacks continue to evolve. Even minor typographical errors in dependency names can expose entire organisations to compromise, emphasising the importance of vigilance and strong dependency-management practices.