npm

@postman/wdio-junit-reporter

@postman/wdio-junit-reporter is identified in the SafeDep analysis "Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.

discovered 2025-11-24

Threat types

credential_stealerdata_exfiltrationwormpersistence

Malicious versions

0.0.4
0.0.5

Campaigns

Shai-Huludattributed-to

Indicators

sha25662ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0indicates
sha256a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901aindicates

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1552.001 Unsecured Credentials: Credentials In Filesuses
ttpT1041 Exfiltration Over C2 Channeluses
ttpT1528 Steal Application Access Tokenuses
ttpT1105 Ingress Tool Transferuses
ttpT1071.001 Application Layer Protocol: Web Protocolsuses
ttpT1102 Web Serviceuses
ttpT1546 Event Triggered Executionuses
ttpT1021 Remote Servicesuses
ttpT1098 Account Manipulationuses
ttpT1027 Obfuscated Files or Informationuses

Read the full analysis →