Introduction
Within a matter of hours, a worm dubbed Miasma forced GitHub to disable 73 repositories belonging to the Microsoft, Azure, Azure-Samples, and MicrosoftDocs organizations. This was the final escalation of a campaign quietly launched on June 3, 2026 through the compromise of dozens of npm packages — and a stark reminder of the structural fragility built into modern software supply chains.
A Novel Evasion Technique: Phantom Gyp
What sets Miasma apart from previous npm ecosystem attacks isn't its scale — it's the method. Forget preinstall and postinstall scripts, the well-known vectors that security tooling has monitored for years. Phantom Gyp exploits an entirely different mechanism: the binding.gyp file.
This configuration file, normally used to compile native Node.js modules via node-gyp, does not appear on standard npm lifecycle script watchlists. In just 157 bytes, attackers weaponized it to trigger arbitrary code execution at the moment of a routine npm install — without triggering a single alert in most DevSecOps pipelines. No CVE, no monitored hook. Just a legitimate build mechanism turned against its users.
Automated Propagation at Speed
Miasma doesn't just execute — it replicates. Once a maintainer's npm token is stolen, the worm republishes malicious versions of every package accessible from that account, triggering a chain reaction. In under two hours on June 3, 57 packages had been hit and more than 286 corrupted versions had been pushed to the npm registry.
Early targets included packages under the @redhat-cloud-services namespace and high-adoption SDKs such as @vapi-ai/server-sdk (over 408,000 monthly downloads). The malware systematically exfiltrates AWS, GCP, and Azure tokens, GitHub and npm credentials, and HashiCorp Vault and Kubernetes secrets — all routed to attacker-controlled GitHub repositories used as encrypted dead drops.
The infection reached Microsoft's organizations via a malicious commit injected into the Azure/durabletask repository through a previously compromised contributor account. GitHub responded on June 6 by disabling all 73 affected repositories.
What This Means for Your Engineering Teams
Miasma exposes a fundamental gap that both development teams and CISOs can no longer afford to overlook: security controls focused on npm lifecycle scripts are not enough. A project can run npm audit, enforce Sigstore signature verification, and require provenance attestations — and still be vulnerable if alternative execution vectors like binding.gyp fall outside the monitoring perimeter.
Several concrete actions are now warranted:
- Audit
binding.gypfiles across your dependency tree: their presence isn't automatically malicious, but it should trigger a mandatory review. - Restrict npm and GitHub token permissions in CI/CD pipelines: a compromised token must not grant access to an entire organization's namespace.
- Isolate installation environments: running
npm installin a sandbox with no outbound network access significantly limits exfiltration capability. - Monitor new version releases on your project's critical packages — not just known vulnerabilities in existing ones.
The Software Supply Chain as an Offensive Battleground
Miasma is not an isolated incident. It reflects a deepening trend: threat actors have identified public package registries as a weak link in modern organizations. Any team consuming open-source dependencies — which is to say, virtually every team — is potentially exposed.
As NIS2 now requires European organizations to demonstrate control over their digital supply chains, incidents like Miasma have moved beyond technical alerts. They are organizational risk signals that belong in cyber risk treatment plans.