For organizations that rely on open source software, trust is built into every stage of the development process. Teams routinely incorporate packages from official repositories, automate deployments through CI/CD pipelines, and depend on publishing systems to deliver authentic code. When those trusted channels are compromised, the impact can extend far beyond a single application.
That is the message behind a new investigation from cloud security company Upwind. The company disclosed research into a coordinated software supply chain attack involving multiple official AsyncAPI npm packages, concluding that attackers compromised multiple repositories and publishing pipelines as part of the same campaign.
The findings illustrate how software release infrastructure itself has become an attractive target for attackers seeking broader access to development environments.
The campaign extended across the AsyncAPI ecosystem
According to Upwind, the attack was not limited to one compromised package or repository.
Researchers confirmed that two GitHub repositories had been breached during the campaign. They also uncovered evidence of a second independent repository compromise, indicating that attackers successfully accessed multiple publishing pipelines rather than exploiting a single release process.
The investigation further showed that different release branches were targeted while different OpenID Connect (OIDC) publishing identities were abused within a short timeframe. Together, those findings suggest a coordinated operation that affected multiple components of the AsyncAPI ecosystem.
By compromising several parts of the release process, the attackers were able to distribute backdoored packages through official publishing channels that developers would typically regard as trustworthy.
A technique designed to blend into normal operations
Upwind’s research also highlighted a change in execution methods.
Instead of relying on preinstall or postinstall scripts commonly associated with npm attacks, the malicious code was designed to execute during normal package imports or through alternative execution paths. This allows malicious behavior to occur as part of expected application activity rather than during package installation.
Researchers observed several execution techniques throughout the campaign. Despite those variations, they found repeated use of the same infrastructure and malware patterns across the compromised repositories and publishing pipelines, linking the incidents together as part of a coordinated effort.
The challenge for security teams
Because the affected packages originated from official publishing channels, organizations following standard dependency management practices could unknowingly introduce malicious code into their development environments.
According to Upwind, both developer workstations and CI/CD runners that imported the affected packages should be treated as potentially compromised. The attack demonstrates that legitimate distribution channels can become the vehicle for malicious code when publishing infrastructure is breached.
“This wasn’t just a malicious package -it was a compromise of trust,” said Amiram Shachar, CEO and Co-Founder of Upwind. “Multiple official AsyncAPI packages were published with backdoored code from separate repositories and publishing pipelines, showing that attackers are increasingly targeting the software release process itself.”
Recommended response
Based on its investigation, Upwind recommends that organizations review their software supply chains and determine whether affected package versions entered their development environments.
Among the company’s recommendations are verifying the exact versions of dependencies in use, pinning packages to verified and trusted releases, and reviewing dependency updates, lockfiles, and Software Bills of Materials (SBOMs) for unexpected changes.
The company also advises rotating credentials that were accessible from affected development environments after treating developer workstations and CI/CD runners that imported the packages as potentially compromised.
Looking beyond prevention
The investigation concludes with a broader observation about securing modern software development. Preventing malicious packages from entering an environment remains important, but attacks that exploit trusted publishing channels require organizations to monitor what software does after it begins running.
Upwind says runtime visibility and continuous monitoring throughout the software development lifecycle play an important role in identifying malicious behavior that may not be apparent during installation or static code analysis. The company continues to monitor the campaign and is encouraging organizations to evaluate their software supply chain security practices as attackers continue to refine their methods.



