Skip to content
Security & Trust

Red Hat's Own npm Packages Compromised: 32 Packages, 96 Versions

Self-propagating npm worm 'Miasma' hijacked @redhat-cloud-services packages via stolen GitHub OIDC tokens.

· 6 min read
Share on X LinkedIn
Red Hat's Own npm Packages Compromised: 32 Packages, 96 Versions

The Enterprise Trust Anchor Broke

Red Hat is the trust anchor for enterprise open source. When organizations evaluate npm dependencies, an @redhat-cloud-services scoped package is the kind of dependency that gets waved through security review. Official namespace. Fortune 500 maintainer. Enterprise-grade governance. Every assumption that makes scoped packages trustworthy failed in June 2026.

A self-propagating npm worm dubbed 'Miasma' compromised 32 packages under the @redhat-cloud-services namespace, publishing 96 malicious versions. The packages collectively receive approximately 117,000 weekly downloads. Each compromised version carried a 4.2MB obfuscated payload designed to harvest cloud credentials.

32
Compromised Packages
Source: Red Hat Advisory RHSB-2026-006, June 2026

How Miasma Propagated

The initial access vector traced back to infostealer malware logs dated April 13. Stolen credentials gave attackers access to a maintainer's GitHub account, which in turn provided access to GitHub OIDC tokens used for automated npm publishing. The attackers did not need npm credentials directly — they leveraged the trust chain between GitHub Actions and npm's provenance-based publishing.

Once inside, Miasma operated as a worm. Each compromised package's publish pipeline was modified to inject the payload into other packages in the same namespace. The 32 packages were not compromised individually — the worm moved laterally through the organization's CI/CD infrastructure, turning each package into a vector for the next.

96
Malicious Versions Published
Source: Wiz Blog, Miasma supply chain analysis, June 2026

What the Payload Harvested

The 4.2MB obfuscated payload was not a simple credential stealer. Wiz's analysis identified targeted extraction of HashiCorp Vault tokens, Kubernetes service account secrets, SSH private keys, AWS session tokens, and GCP service account JSON files. The payload searched standard credential locations, environment variables, and mounted secrets volumes.

For enterprises running Red Hat's cloud services frontend components in their CI/CD pipelines, every build that pulled a compromised version potentially exposed production infrastructure credentials. The blast radius extends far beyond the npm package itself — it reaches into the cloud infrastructure those packages are deployed to manage.

~117,000
Weekly Downloads (Combined)
Source: npm registry statistics, June 2026

GitHub OIDC: The Trusted Pipeline That Wasn't

GitHub's OIDC-based publishing was designed to eliminate the risk of stolen npm tokens. Packages published through GitHub Actions with OIDC provenance carry a cryptographic attestation that the build originated from a specific repository and workflow. The security model assumes the GitHub account and repository are not compromised.

Miasma exploited the gap between those assumptions and reality. The infostealer logs from April 13 provided GitHub credentials. From GitHub, the attacker accessed OIDC tokens. The provenance chain remained technically valid — the packages were published from the correct repository by the correct workflow. The attestation proved the build was legitimate. It was not.

4.2 MB
Obfuscated Payload Size
Source: Wiz Blog, Miasma malware analysis, June 2026

What This Means for Framework Supply Chains

The Miasma incident is not a story about Red Hat's operational security failures. It is a structural indictment of the npm ecosystem's trust model. If @redhat-cloud-services is compromisable, every scoped namespace is compromisable. The distinction between 'trusted' and 'untrusted' npm packages has collapsed.

WebPulse tracks 22 web frameworks, and every modern JavaScript framework depends on hundreds to thousands of npm packages. React, Angular, Vue, Next.js, Nuxt — their security posture is only as strong as the weakest dependency in their tree. When the weakest dependency carries a Red Hat namespace, security teams have no reliable signal for trust.

Red Hat's advisory RHSB-2026-006 provides remediation steps: pin to known-good versions, audit CI/CD logs for unexpected publishes between April 13 and the disclosure date, rotate any credentials that transited through builds using affected versions. The operational cost of that audit, across every enterprise that depends on these packages, dwarfs the cost of the attack itself.

April 13, 2026
Initial Access Date
Source: Wiz Blog, infostealer log analysis, June 2026

For organizations evaluating their web technology stack, the Miasma incident adds a new dimension to the framework selection calculus. Dependency count is a liability metric. Every npm package in the dependency tree is an attack surface. Frameworks with smaller, more controlled dependency graphs present measurably lower supply chain risk.

Share this insight