# Miasma v2: Self-Spreading npm Worm Now Uses Malicious binding.gyp file and Compromises 57 Packages

> Source: <https://semgrep.dev/blog/2026/miasma-v2-self-spreading-npm-worm-now-uses-malicious-bindinggyp-file-and-compromises-57-packages>
> Published: 2026-06-04 00:00:00+00:00

A self-spreading npm worm dubbed **Miasma** compromised 57 npm packages across 286+ malicious versions. Rather than using the usual preinstall/postinstall lifecycle scripts in package.json, the malware ships a ~157-byte binding.gyp file containing a command-substitution action ("<!(node index.js > /dev/null 2>&1 && echo stub.c)"). This triggers arbitrary code execution during npm install __without__ declaring a lifecycle script. And it’s showing its effectiveness, [ spreading through npm packages much quicker than the attackers first attack earlier this week](https://semgrep.dev/blog/2026/forking-shai-hulud-redhat-npm-packages-are-the-next-victim-after-github-actions-compromise-and-worm/).

The payload is once again highly obfuscated and harvests AWS, GCP, and Azure credentials, GitHub Actions secrets (including direct extraction from runner process memory via /proc/*/mem), and 1Password, gopass, and pass credential stores. It also injects persistent backdoors into AI coding-assistant configuration files to poison AI-generated code. Finally just like [ Mini Shai-Hulud](https://semgrep.dev/blog/2026/children-of-shai-hulud-an-analysis-of-the-the-evolution-delivery-and-spread-of-the-tanstack-shai-hulud-campaign/) propagates automatically by forging provenance attestations so reinfected packages appear legitimate. Stolen credentials are once again exfiltrated to attacker-controlled GitHub repositories.

**Affected Packages**

@evolvconsulting/evolv-coder-lite version 1.2.0

@jagreehal/workflow version 1.16.1

@vapi-ai/server-sdk versions 0.11.1, 0.11.2, 1.2.1, 1.2.2

ai-sdk-ollama versions 0.13.1, 1.1.1, 2.2.1, 3.8.5

autotel versions 2.26.4, 3.4.3

autotel-adapters version 0.3.5

autotel-audit version 0.1.15

autotel-aws version 0.13.10

autotel-backends version 2.12.26

autotel-cli version 0.8.14

autotel-cloudflare version 2.18.16

autotel-devtools versions 0.1.1, 1.0.4, 2.1.1, 3.0.2, 4.0.1, 5.1.1, 6.1.2

autotel-drizzle version 0.0.27

autotel-edge version 3.16.13

autotel-eventcatalog versions 1.0.1, 2.0.1, 3.0.1, 4.0.2, 5.0.1

autotel-hono version 0.4.26

autotel-mcp versions 0.1.14, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 13.0.1, 14.0.1, 15.0.2, 16.0.1, 17.0.2, 18.0.1, 19.0.1, 20.0.1, 21.1.1, 22.0.1, 23.0.1, 24.0.1, 25.0.1, 26.0.2, 27.0.1, 28.0.3

autotel-mcp-instrumentation versions 29.0.2, 30.0.5, 31.0.1, 32.0.1, 33.0.2, 34.0.1

autotel-mongoose versions 0.0.3, 1.0.2, 2.0.5, 3.0.1, 4.0.1, 5.0.2, 6.0.1

autotel-pact versions 0.2.2, 1.0.3

autotel-playwright version 0.4.32

autotel-plugins version 0.19.26

autotel-sentry version 0.5.13

autotel-subscribers versions 4.1.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.1.1, 15.0.1, 16.0.2, 17.0.1, 18.0.3, 19.0.1, 20.0.1, 21.0.1, 22.0.2, 23.0.2, 24.0.1, 25.0.1, 26.0.1, 27.0.2, 28.0.2, 29.0.6, 30.0.4, 31.1.4

autotel-tanstack version 1.13.27

autotel-terminal versions 2.1.1, 3.0.1, 4.0.2, 5.0.1, 6.0.3, 7.0.1, 8.0.1, 9.0.1, 10.0.2, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.2, 16.0.2, 17.0.10, 18.0.4, 19.0.8, 20.0.2, 21.0.1, 22.0.2, 23.0.3

autotel-vitest version 0.4.26

autotel-web version 1.12.2

awaitly version 1.33.3

awaitly-analyze versions 0.24.2, 1.1.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1

awaitly-libsql versions 0.1.1, 1.0.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.1.1, 19.0.1, 20.0.1, 21.0.1, 22.0.1

awaitly-mongo versions 0.1.1, 1.0.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.1.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.0.1, 19.1.1, 20.0.1, 21.0.1, 22.0.1, 23.0.1

awaitly-postgres versions 0.1.1, 1.0.1, 2.0.1, 3.0.2, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.0.1, 19.1.1, 20.0.1, 21.0.1, 22.0.1, 23.0.1

awaitly-visualizer versions 1.0.1, 2.0.2, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.1.1, 19.0.1, 20.0.2, 21.0.1, 22.0.2

effect-analyzer version 0.3.1

eslint-plugin-awaitly versions 0.17.1, 1.0.1

eslint-plugin-executable-stories-jest versions 1.2.1, 2.1.8

eslint-plugin-executable-stories-playwright versions 1.2.1, 2.1.8

eslint-plugin-executable-stories-vitest versions 1.2.1, 2.1.8

executable-stories-cypress versions 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.2

executable-stories-demo version 0.1.11

executable-stories-formatters version 0.11.2

executable-stories-init version 0.1.2

executable-stories-jest versions 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.2

executable-stories-mcp version 0.3.3

executable-stories-playwright versions 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.4.3

executable-stories-react version 0.1.7

executable-stories-vitest versions 2.0.1, 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.3

http-uploader-dev version 1.0.7

mountly version 0.2.2

mountly-tailwind version 0.1.3

node-env-resolver version 6.5.1

node-env-resolver-aws versions 9.1.2, 10.0.1, 11.0.1, 12.0.1

node-env-resolver-dotenvx versions 1.0.1, 2.0.1

node-env-resolver-nextjs version 7.4.2

node-env-resolver-vite version 2.4.2

wrangler-deploy version 1.5.5

**For Semgrep Customers**

**Trigger a new scan** if you haven't recently on your projectsto see if any projects have installed these package versions recently, or the**Check the advisories page****Dependency filter** to see if you are using any earlier versions.If you are:

Check if you have any of the file/system artefacts, particularly the persistence through Claude, Cursor, VSCode and Gemini

If you are affected you should also immediately investigate all CI/CD pipelines too

Rotate any credentials associated with the pipeline and the compromised user

**Indicators of Compromise**

**Domains / C2 Servers**

Exfiltration path pattern: {repo}/contents/results/results-{timestamp}.json

C2 beacon keyword (GitHub commit search): thebeautifulmarchoftime

Token validation keyword: IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner

Bun runtime download URL: github.com/oven-sh/bun/releases/download/bun-v1.3.13/bun-*.zip

**Files / System Artifacts**

binding.gyp — 157-byte file triggering code execution during npm install

Root-level index.js — obfuscated payload (4+ MB) injected alongside legitimate package code

/tmp/b-* — temp directory containing the downloaded Bun binary

AI assistant backdoor files: .claude/setup.mjs, .claude/settings.json, .cursor/rules/setup.mdc, .gemini/settings.json, .vscode/tasks.json, .vscode/setup.mjs, .github/setup.js
