On 09-Sep-2025, multiple npm packages were compromised as part of a software supply chain attack after the accounts for official maintainers of the npm package manager were compromised.
Appian has investigated this incident and, as of 09-10-2025, determined that it is not impacted as none of the affected package versions listed below are utilized. We will continue to monitor the situation and provide updates as appropriate.
Updates01-Dec-2025: Appian is continuously monitoring the exploited package list and determined to still not be impacted
Supporting Documentationhttps://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.htmlhttps://www.upwind.io/feed/shai-hulud-2-npm-supply-chain-worm-attackhttps://docs.mend.io/wsk/msc-customer-reference-sheet-24-nov-2025
Investigated Package VersionsAppian has reviewed all currently known impacted packagesAffected VersionsThis article applies to all supported versions of Appian.
Last reviewed: Dec 3, 2025