Mini Shai-Hulud: Malware Targeting the Software Supply Chain for SAP Development Tools

On April 30, SAP released SAP Security Note 3747787 in response to the discovery of malicious code in npm packages connected to SAP development tools. The code is part of a malware campaign labelled Mini Shai-Hulud targeting the software supply chain for SAP cloud development. Shai-Hulud is a reference to the sandworms from the fictional Dune series. The packages were available in the npm ecosystem on April 29 for approximately two to four hours.

The NPM ecosystem is the collection of tools, packages, and services for npm, the default package manager for Node.js. At the center of the ecosystem is the npm registry, a public repository of reusable JavaScript and TypeScript packages. Developers use npm to install libraries, frameworks, command-line tools, build utilities, and application dependencies.  

Node.js is a runtime environment for JavaScript and widely used in SAP applications for cloud-native SAP extensions, integrations, APIs, and user-facing applications. It is especially common in SAP Business Technology Platform (BTP) developments. The SAP Cloud Application Programming Model (CAP) supports Node.js. Developers use Node.js to build service layers, business logic, REST/OData APIs, and extensions for SAP applications. Node.js is also often used to build side-by-side extensions for SAP S/4HANA, SAP SuccessFactors, SAP Ariba, SAP Fieldglass, and other SAP solutions on SAP BTP. Node.js applications can call SAP APIs, consume OData services, connect to SAP Integration Suite, and exchange data with SAP and non-SAP systems. Node.js modules are often packaged as Multi-Target Applications (MTA) in SAP cloud applications.

The installation of the compromised npm packages for Node.js can lead to the theft of sensitive credentials. This includes GitHub tokens, npm tokens, and cloud credentials. Mini Shai-Hulud uses public GitHub repositories for encrypted data exfiltration and may attempt to propagate through developer repositories or tooling configurations.

The affected packages include @cap-js/sqlite v2.2.2, @cap-js/postgres v2.2.2, @cap-js/db-service v2.10.1, and mbt v1.2.48.

Attack Details

  • A malicious .vscode/tasks.json file is added with "runOn": "folderOpen", causing code to execute automatically when the folder is opened in VS Code.
  • A modified .claude/settings.json is added with a SessionStart hook that runs when a Claude Code session begins.
  • Both mechanisms download the Bun runtime and execute an obfuscated 11.2 MB JavaScript file (execution.js) with full user privileges.
  • In CI, the release pipeline is tampered with to exfiltrate npm OIDC credentials and publish trojanized packages.

Recommended Actions

  1. Do NOT open the cds-dbs directory (cap-js/sqlite) in VS Code or Claude Code. The attack relies on automatic execution triggers that immediately run malicious code when the project is opened.
  2. Verify whether your system has been impacted.

    Using a shell outside of any IDE, execute:

    ls path/to/cds-dbs/.claude/setup.mjs path/to/cds-dbs/.vscode/setup.mjs 2>/dev/null

    If any of these files are present, treat the system as compromised and proceed with incident response steps.
  3. Do NOT pull updates or switch branches in this repository.
  4. Identify whether affected SAP npm packages or versions were installed in developer workstations, build agents, or CI/CD pipelines.
  5. Remove or upgrade compromised packages to clean versions.
  6. Rotate GitHub, npm, cloud, CI/CD, and service account credentials that may have been exposed.
  7. Review GitHub repositories for suspicious commits, workflow changes, .vscode/tasks.json, .claude/settings.json, or unexpected dependency updates.
  8. Audit CI/CD logs, npm install activity, GitHub token usage, and cloud access events around the suspected exposure window.

Software Supply Chain Governance

The Mini Shai-Hulud malware campaign illustrates the growing risk of software supply chain attacks against modern SAP development environments. Rather than exploiting a vulnerability in SAP solutions directly, the campaign targets open-source npm packages used in SAP cloud development workflows, demonstrating how malicious code can enter an organization through trusted development tools, third-party libraries, and build pipelines.

This risk is not limited to custom SAP applications. Third-party applications that integrate with SAP solutions can also introduce exposure if they rely on compromised open-source components or libraries, potentially creating indirect paths to sensitive credentials, application data, repositories, or cloud environments. Mini Shai-Hulud reinforces the need for stronger governance over open-source dependencies, package sources, CI/CD pipelines, and developer credentials.

Unlike solutions that depend on open-source components, the Cybersecurity Extension for SAP from Layer Seven Security is completely closed-source and does not use open-source components, making it less vulnerable to software supply chain attacks that exploit public package ecosystems.
