A researcher from Koi Security has raised concerns, stating that two major platforms still haven’t fixed vulnerabilities that allow dangerous worm attacks. He argues that ‘the JavaScript ecosystem truly deserves more robust security.’

If you’re a JavaScript developer, you might want to think about moving away from the npm and yarn package managers for installing your projects’ dependencies. That’s the stark warning from an Israeli researcher, who says recently discovered security flaws could let attackers unleash harmful ‘worm’ attacks, similar to the infamous Shai-Hulud.
This urgent message comes from Oren Yomtov, a security expert at Koi Security. He revealed in a blog post on Monday that he found six brand-new, ‘zero-day’ vulnerabilities across several package managers. These critical flaws could allow malicious actors to bypass the defensive measures recommended last November, after the Shai-Hulud worm wreaked havoc on npm, affecting over 700 packages.
Back then, these were the recommended defenses:
- disabling lifecycle scripts, the commands (such as preinstall, install and postinstall) that a package manager runs automatically when a package is installed,
- committing lockfiles (package-lock.json, pnpm-lock.yaml, and others) to version control (such as git). The lockfile precisely records the resolved version and an integrity hash for every package in the dependency tree. On subsequent installs, the package manager hashes each incoming tarball and compares the result with the recorded hash; on any mismatch the installation should fail. So if an attacker compromises a package and pushes a malicious version, the integrity check ought to detect the discrepancy and prevent it from being installed.
According to Yomtov, these recommendations quickly became the go-to advice, appearing in everything from GitHub’s security guides to company policies, with the idea that “if malicious code can’t run on install, and your dependency tree is pinned, you’re covered.”
The November Advice Still Holds, But We Have More Problems to Tackle
He confirmed in a follow-up email interview that the original advice remains important and relevant.
However, Yomtov emphasized that the vulnerabilities he’s now uncovered—collectively named PackageGate—enable attackers to bypass those very defenses. He stressed that *all* platforms must urgently fix these new bypass flaws.
While pnpm, vlt, and Bun have already patched these bypass vulnerabilities, npm and yarn have not, according to Yomtov. Because of this, he advises JavaScript developers to consider using pnpm, vlt, or Bun instead.
Regardless of your choice, he strongly urged all JavaScript developers to always keep their chosen package manager updated, ensuring they have access to the most recent security fixes.
GitHub’s Response Described as ‘Bewildering’
Microsoft, the parent company overseeing npm via GitHub, directed inquiries about these vulnerabilities to GitHub. In a statement, GitHub responded, “We are actively working to address the new issue reported as npm actively scans for malware in the registry.” They also reiterated their call for project developers to follow the security recommendations outlined in a blog post published after the earlier Shai-Hulud attacks.
GitHub’s statement also pointed out that, back in September, they announced plans to beef up npm’s security, which included overhauling authentication and token management processes.
Furthermore, GitHub cautioned that if you install a package directly from git that includes a ‘prepare script,’ its dependencies and devDependencies will also be installed. Their stance is, “As we shared when the ticket was filed, this is an intentional design and works as expected. When users install a git dependency, they are trusting the entire contents of that repository, including its configuration files.”
Yomtov, however, found this explanation—that it’s an ‘intentional design’—quite perplexing.
It’s Not the Whole Story
Yomtov disclosed that this script bypass vulnerability was reported via the HackerOne bug bounty program on November 26, 2025. Interestingly, while other JavaScript package managers acknowledged these reports, npm maintained that its platform was functioning as designed, suggesting that the ignore-scripts setting should adequately prevent unauthorized remote code execution.
“We didn’t write this post to point fingers,” Yomtov clarified in the blog. “We did it because the JavaScript ecosystem truly deserves better security, and because critical security decisions need to be made based on accurate information, not on assumptions about defenses that simply aren’t holding up.”
He concluded, “The usual advice—disabling scripts and committing your lockfiles—is still valuable and worth following. However, it doesn’t tell the whole story. Until these PackageGate issues are completely resolved, organizations must make their own well-informed decisions regarding the risks involved.”