Supply Chain Attack Compromises @immobiliarelabs Backstage npm Packages
By
SocketDev
Summary
Socket Threat Research has identified a supply chain compromise dubbed "Miasma Mini Shai-Hulud" targeting legitimate @immobiliarelabs Backstage npm packages. The attack affected packages including GitLab integration and LDAP authentication plugins, with malicious releases published to the npm registry. This represents a software supply chain security incident where trusted open-source packages were weaponized.
Source
bskySupply Chain Attack Compromises @immobiliarelabs Backstage npm Packageshendryadrian.comKey quotes
· 2 pulledSocket Threat Research reported a fresh Miasma Mini Shai-Hulud supply chain compromise that hit legitimate @immobiliarelabs Backstage npm packages
The attack included GitLab integration and LDAP authentication plugins, with malicious releases published to the npm registry
You might also wanna read
GitLab Identifies Large-Scale npm Supply Chain Attack with Destructive Malware
GitLab's security researchers have uncovered a large-scale supply chain attack in the npm ecosystem involving a destructive malware variant

Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages

TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
Shai-Hulud: Largest npm Supply-Chain Compromise Affecting CrowdStrike and Hundreds of Packages
The Shai-Hulud malware campaign represents the largest and most dangerous npm supply-chain compromise in history, affecting hundreds of pack
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published


Comments
Sign in to join the conversation.
No comments yet. Be the first.