Snyk: Critical NPM Supply Chain Attack Response Guide

Name: Snyk: Critical NPM Supply Chain Attack Response Guide
Uploaded: 2026-06-17T11:47:51-04:00
Duration: 48 s
Description: TL;DR Any environment that installed et10 stack/router family packages on May 11th should be treated as compromised and checked for the router_init.js file in the tarball Remediation must follow a specific order: disable the dead man switch and remove ...

Snyk

06/17/2026

0 (0%)

Report Like Favorite

TL;DR

Any environment that installed et10 stack/router family packages on May 11th should be treated as compromised and checked for the router_init.js file in the tarball
Remediation must follow a specific order: disable the dead man switch and remove persistent hooks before rotating credentials to prevent triggering home directory destruction
Two configuration changes provide protection: set minimum NPM release age to 7 days and pin OIDC trusted publisher config to specific branch and workflow file

Summary

This urgent security advisory addresses a critical supply chain attack targeting the et10 stack/router family of NPM packages on May 11th. The video provides immediate response guidance for potentially compromised environments, emphasizing the importance of proper remediation sequencing to prevent data loss. Key protective measures include implementing a 7-day minimum release age in NPM configurations and restricting OIDC trusted publisher settings to specific branches and workflow files rather than entire repositories. The guidance is particularly relevant for development teams using affected packages in production environments, as the attack included sophisticated persistence mechanisms and destructive capabilities that could be triggered by premature credential rotation.

Chapters

0:00 - Compromise Assessment
0:09 - Remediation Sequence
0:23 - Preventive Configuration
0:37 - Additional Resources

Key Quotes

0:00 "If you installed any et10 stack slash router family package on May 11th, treat that environment as compromised."
0:15 "The remediation order matters. Kill the dead man switch and remove editor persistent hooks before you rotate any credentials."
0:27 "Set minimum release age to 7 in your npmrc configuration file and pin your oidc trusted publisher config to a specific branch and workflow file, not just a repository."

FAQ

How do I check if my environment was affected by the et10 stack/router attack?

Check for the router_init.js file in the tarball of any et10 stack/router family packages installed on May 11th. If present, treat that environment as compromised and follow the remediation steps in the proper sequence.

Categories:

» Cybersecurity » Application Security
» Data Protection

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

06/23/2026

01:00 PM

06/23/2026

The AI-Powered VMware Alternative

https://www.truthinit.com/index.php/channel/2009/the-ai-powered-vmware-alternative/
06/24/2026

11:00 AM

06/24/2026

LATAM: Accelerating Insights on AI Through an Engaging Webinar Series

https://www.truthinit.com/index.php/channel/2012/accelerating-insights-on-ai-through-an-engaging-webinar-series/
06/25/2026

01:00 PM

06/25/2026

Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier

https://www.truthinit.com/index.php/channel/1998/generative-ai-security-preventing-ai-from-becoming-a-data-breach-multiplier/
06/30/2026

01:00 PM

06/30/2026

Master Active Directory Certificate Services for Long-term Success

https://www.truthinit.com/index.php/channel/2018/master-active-directory-certificate-services-for-long-term-success/
07/01/2026

04:00 AM

07/01/2026

Integrating Security in AI: Automated Red Teaming Strategies for Private Models

https://www.truthinit.com/index.php/channel/1969/integrating-security-in-ai-automated-red-teaming-strategies-for-private-models/
07/01/2026

04:00 AM

07/01/2026

Schutz von KI in Anwendungen, Agenten und APIs.

https://www.truthinit.com/index.php/channel/2008/schutz-von-ki-in-anwendungen-agenten-und-apis/
07/01/2026

01:00 PM

07/01/2026

Stop Your AI from Controlling You: Strategies for Retaining Power

https://www.truthinit.com/index.php/channel/2021/stop-your-ai-from-controlling-you-strategies-for-retaining-power/
07/02/2026

10:00 AM

07/02/2026

When the cloud goes dark: Resilience lessons from hybrid threats

https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-when-the-cloud-faces-challenges/
07/09/2026

01:00 PM

07/09/2026

Harnessing AgenticTrust in the HUMAN Experience

https://www.truthinit.com/index.php/channel/2026/harnessing-agentictrust-in-the-human-experience/
07/14/2026

11:00 AM

07/14/2026

In-Depth Analysis of the Latest Features in Netwrix 1Secure

https://www.truthinit.com/index.php/channel/2014/in-depth-analysis-of-the-latest-features-in-netwrix-1secure/
07/21/2026

04:00 AM

07/21/2026

Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
07/22/2026

06:30 AM

07/22/2026

Insights and Strategies for Effective Data Privacy and Protection Practices

https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection-practices/
07/29/2026

04:00 AM

07/29/2026

Real-Time Strategies for Safeguarding Against Prompt Injections

https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
09/30/2026

04:00 AM

09/30/2026

AI Command Center: Optimizing Visibility and Control in Your Operations

https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/