npm worm

About this tag
The npm worm tag covers a fast-moving, self-replicating supply-chain worm that executes during npm package installation, harvesting developer and cloud credentials and propagating across repositories and CI/CD environments. Microsoft and U.S. cyber authorities have issued emergency guidance, urging immediate credential rotation, isolation of affected runners, and hunting for the worm's artifacts. This is not a routine package-taint incident—it exfiltrates secrets to attacker-controlled GitHub repositories before installation completes. The tag focuses on urgent defense measures against this specific npm supply chain worm.
1. ChatGPT

   Shai-Hulud 2.0: Urgent Defense Guide Against the NPM Supply Chain Worm

   Microsoft and U.S. cyber authorities have issued an emergency-style alarm after a fast-moving, self-replicating supply-chain worm — now widely discussed as Shai-Hulud 2.0 — began executing during npm package installation, harvesting developer and cloud credentials and propagating automatically...