|

Toptal GitHub Hacked: 10 Malicious npm Packages, 5,000 Downloads, and What It Means for Every Developer

ByInnoVirtuoso

What if the next npm install you run wipes your computer and steals your secrets? That scenario isn’t just a hypothetical anymore. In July 2025, Toptal—a platform trusted by thousands of top developers and businesses—had its GitHub organization breached, resulting in the publication of 10 malicious npm packages that were downloaded over 5,000 times before being caught. The attack didn’t just aim to steal credentials; it tried to destroy entire systems, hurting unsuspecting developers and their organizations.

If you build with open-source tools, this story is your wake-up call. Let’s dive into what happened, why it matters, and—most importantly—what you can do to protect yourself and your team.

The Toptal GitHub Breach: What Really Happened?

In late July 2025, security researchers at Socket uncovered a sophisticated supply chain attack targeting Toptal’s GitHub organization. Attackers compromised the account and pushed ten malicious packages to the npm registry. These weren’t random packages—they were popular Node.js libraries under Toptal’s namespace, making them appear safe and trustworthy to anyone installing them.

The Affected Packages

Here’s the full list of compromised npm packages:

  • @toptal/picasso-tailwind
  • @toptal/picasso-charts
  • @toptal/picasso-shared
  • @toptal/picasso-provider
  • @toptal/picasso-select
  • @toptal/picasso-quote
  • @toptal/picasso-forms
  • @xene/core
  • @toptal/picasso-utils
  • @toptal/picasso-typograph

Over 5,000 downloads occurred before the attack was discovered and the packages removed. If you’re thinking, “I’m not a Toptal customer, so I’m safe,” let me explain why you might still be at risk.

What Did the Malicious Code Do?

All the compromised packages carried an identical payload buried in their package.json scripts—specifically, the preinstall and postinstall hooks. When installed, these scripts did two things:

  1. Exfiltrated GitHub Authentication Tokens: The malicious code sent the developer’s GitHub credentials to a remote endpoint.
  2. Silently Destroyed Data: On both Windows and Linux systems, the script ran destructive commands (rm /s /q or sudo rm -rf --no-preserve-root /), which recursively deleted files and directories, potentially wiping entire systems without any warning.

Let that sink in: a single install command could have resulted in stolen data and a bricked development machine.

Software Supply Chain Attacks: The Growing Threat

Why are hackers targeting open-source ecosystems like npm and PyPI? Because they’re the beating heart of modern development. If attackers can poison the well, they can potentially compromise thousands—or millions—of downstream applications, companies, and users.

Why You Should Care (Even If You Don’t Use Toptal Packages)

  • Transitive Dependencies: You might not install these packages directly, but if they’re a dependency of another module you use, you could be exposed.
  • Trust Exploitation: Attackers leverage the reputation of known brands and organizations to spread their malware further and faster.
  • Automation Amplifies Impact: CI/CD pipelines and automated builds mean a compromised package can infect hundreds of environments almost instantly.

This isn’t just a Toptal or npm problem—it’s a systemic risk for anyone building with open-source code.

How Did the Attackers Compromise Toptal’s GitHub?

The exact entry point is still under investigation, but security experts have outlined several plausible scenarios:

  • Leaked Credentials: Access tokens, passwords, or API keys may have been stolen or exposed.
  • Social Engineering: Attackers might have tricked a Toptal employee or contractor into revealing their login details.
  • Rogue Insider: A trusted team member with malicious intent could have pushed the bad code.
  • OAuth Token Abuse: Third-party integrations with excessive permissions could have been hijacked.

No matter the vector, the lesson is the same: even organizations with strong reputations and security programs are vulnerable if any piece of the access puzzle is weak.

An Alarming Trend: Recent Attacks on npm, PyPI, and VS Code

If you’re feeling déjà vu, you’re not alone. The Toptal incident is the latest in a wave of supply chain attacks targeting open-source registries and developer tools. Here are a few recent cases that underscore the scale and creativity of today’s attackers.

npm and PyPI: Surveillanceware Hits Thousands

Researchers identified several malicious packages across npm and PyPI (Python Package Index) that infected developer machines with spyware. Some of the most notable:

  • dpsdatahub (npm) – 5,869 downloads
  • nodejs-backpack (npm) – 830 downloads
  • m0m0x01d (npm) – 37,847 downloads
  • vfunctions (PyPI) – 12,033 downloads

What did these packages do?

  • Keystroke Logging: Captured everything typed—potentially including passwords and sensitive code.
  • Screenshot & Webcam Capture: Stole visual information and even images from developer webcams.
  • System Reconnaissance: Gathered extensive machine details and credentials.
  • Stealthy Data Exfiltration: Used Slack webhooks, Gmail SMTP, AWS Lambda, and Burp Collaborator to send stolen data to attackers, making detection tricky.

The sophistication is chilling. These packages didn’t just slip past manual review—they actively evaded traditional security tools.

Amazon Q for VS Code: AI Gone Rogue

In a particularly bold incident, a hacker submitted a malicious pull request to the Amazon Q extension for Visual Studio Code. The rogue code instructed the AI-powered tool to:

  • Erase the User’s Home Directory
  • Delete All AWS Resources Associated with the User

The malicious version (1.84.0) actually made it to the VS Code Marketplace before being caught and replaced by version 1.85.0.

The hacker claimed their intent was to expose the “illusion of security and lies” at Amazon—a chilling reminder that even the tools that help us code can become attack vectors.

Why Are Supply Chain Attacks So Hard to Stop?

Let’s cut through the jargon. Here’s the basic problem: open-source ecosystems are built on trust. Any developer can contribute, and packages are often maintained by small teams or individuals. This openness is a feature, not a bug—but it also makes policing every commit and every release nearly impossible.

Key Challenges:

  • Sheer Scale: npm alone hosts over 2 million packages. Manual review isn’t feasible.
  • Automated Trust: Tools often auto-update or auto-install dependencies.
  • Complex Chains: A single project can have hundreds of direct and indirect dependencies, each with their own risks.
  • Human Factors: Even the best teams make mistakes, fall for phishing, or misconfigure permissions.

How to Defend Against Malicious Packages: Practical Steps for Developers and Teams

All this sounds scary—but you’re not powerless. Here’s how to protect your projects and your organization.

1. Lock Down Your Dependencies

  • Use lockfiles (package-lock.json, yarn.lock) to freeze dependencies at known-good versions.
  • Audit dependencies regularly with tools like npm audit, Snyk, or Socket.
  • Prefer direct dependencies: Minimize your reliance on packages you don’t know or trust.

2. Secure Authentication and Access

  • Enable 2FA everywhere: Especially for GitHub, npm, and other critical accounts (GitHub 2FA Guide).
  • Rotate credentials regularly and immediately after any suspected compromise.
  • Limit permissions: Follow the principle of least privilege for users and bots.

3. Monitor for Suspicious Activity

  • Set up alerts for new, updated, or unpublished dependencies.
  • Monitor CI/CD logs for unexpected install or execution scripts.
  • Automate anomaly detection for package behavior (e.g., unexpected network calls during install).

4. Isolate and Sandboxed Environments

  • Use containers (like Docker) for risky or untrusted build steps.
  • Don’t grant unnecessary filesystem or network access to build tools.

5. Respond Rapidly to Incidents

  • Have a playbook for revoking tokens, rolling back dependencies, and notifying stakeholders.
  • Share information with the community when you discover or suspect a breach.

Here’s why that matters: The faster you react, the less damage an attacker can do—not just to you, but to the wider ecosystem.

The Human Element: Why Security Is Everyone’s Job

It’s tempting to think these attacks only happen to “big” companies. But the truth is, attackers are opportunists. They go after any weak link—individuals, startups, open-source maintainers, or Fortune 500s.

  • If you’re a developer: Vet the packages you use. Pay attention to install script warnings. Don’t ignore those “This package runs code on install” prompts.
  • If you manage a team: Make security hygiene part of your onboarding and review process. Assume that compromise is possible, and plan accordingly.
  • If you contribute to open source: Protect your accounts and repos like your digital life depends on it—because, increasingly, it does.

What Can the Ecosystem Do? Towards More Secure Open Source

While individual vigilance is crucial, systemic change is needed, too. Here are some promising developments and ongoing efforts:

  • Mandatory 2FA for Maintainers: npm and GitHub are both moving toward requiring two-factor authentication for publish permissions.
  • Automated Package Scanning: Tools like Socket, GitHub’s Dependabot, and Snyk are getting better at flagging suspicious changes.
  • Security Auditing Services: More organizations are investing in third-party code audits and attack simulations.
  • Community Reporting: Platforms are making it easier to flag and remove malicious packages quickly.

Let me be clear: Supply chain security is a moving target. Attackers aren’t standing still, and neither can we.

Key Takeaways: Staying Ahead of the Next Attack

If there’s one lesson from the Toptal breach and the related attacks, it’s this: no package, tool, or ecosystem is immune. But by understanding the risks and taking practical steps, you can dramatically reduce your exposure.

Here’s what you should do next:

  1. Audit your dependencies—immediately, and then regularly.
  2. Enable security features like 2FA on every sensitive account.
  3. Educate your team about social engineering and supply chain risks.
  4. Stay informed—subscribe to security alerts and community reports.
  5. Contribute to the culture of security in open source.

The era of “install and forget” is over. In today’s landscape, every install is an act of trust—and, increasingly, one of risk calculation.

Frequently Asked Questions (FAQ)

What is a software supply chain attack?

A software supply chain attack occurs when hackers compromise any component (like open-source packages, libraries, or build tools) that’s part of the software development pipeline, in order to insert malicious code. The goal is to infect as many downstream users as possible. Read more at CISA.

How do I know if I installed a malicious npm package?

Check your package-lock.json or yarn.lock for the names and versions of dependencies. Review your installation and CI/CD logs for unexpected behavior, warnings, or network requests during install. Use tools like npm audit or Socket to scan for known threats.

What should I do if I find a suspicious package in my project?

Immediately remove the suspect package, revoke any potentially compromised credentials (especially GitHub or npm tokens), and notify your security team or the package registry. Consider restoring from backups and running forensic analysis to check for lingering malware.

How can I protect myself from harmful preinstall/postinstall scripts?

Avoid using packages with install scripts unless absolutely necessary. Always review what install scripts are doing (you can examine the package.json). Use sandboxed environments (like Docker containers) for risky operations, and favor packages with transparent, well-audited code.

Why do attacks keep happening in open-source ecosystems?

Open source is built on transparency and trust, but also on vast, decentralized contributions. Malicious actors exploit the sheer scale and the fact that security reviews can’t keep pace with rapid development. The best defense is a mix of automation, community vigilance, and education.

Where can I stay up-to-date on supply chain security news?

Great resources include: – The Hacker NewsBleepingComputerSnyk BlogSocket Blog

Stay Secure, Stay Curious

The Toptal npm breach is a sobering reminder of how trust, once broken, can ripple through the entire software world. But it’s also a call to action: to double down on vigilance, to support better security in our tools and communities, and to never take open-source safety for granted.

Want to keep your code safe and stay ahead of the latest threats? Subscribe to our blog for ongoing insights, practical tips, and expert analysis on software security.

Security is a journey, not a destination. Let’s walk it together—one safe install at a time.

Discover more at InnoVirtuoso.com

I would love some feedback on my writing so if you have any, please don’t hesitate to leave a comment around here or in any platforms that is convenient for you.

For more on tech and other topics, explore InnoVirtuoso.com anytime. Subscribe to my newsletter and join our growing community—we’ll create something magical together. I promise, it’ll never be boring! 

Stay updated with the latest news—subscribe to our newsletter today!

Thank you all—wishing you an amazing day ahead!

Read more related Articles at InnoVirtuoso

InnoVirtuoso

Hello there! I'm passionate content writer navigating the digital landscape. With a deep love for words and an insatiable curiosity about technology.

With 10 years of experience in IT field, I write mostly about emerging tech, sharing news, informational articles and covering other topics I find interesting.

Let's craft the future of content together – one word at a time!

Browse InnoVirtuoso for more!