https://community.appian.com/support/w/kb/3706/kb-2349-information-about-the-npm-software-supply-chain-attack-shai-huluden-USTelligent Community 12https://community.appian.com/support/w/kb/3706/kb-2349-information-about-the-npm-software-supply-chain-attack-shai-huludWed, 03 Dec 2025 20:24:52 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:ca1f867b-874a-4b9d-b0df-c72e1b34c84dAppian Communityhttps://community.appian.com/support/w/kb/3706/kb-2349-information-about-the-npm-software-supply-chain-attack-shai-hulud#commentsCurrent Revision posted to Appian Knowledge Base by Appian Community on 12/3/2025 8:24:52 PM<br /> <p>On 09-Sep-2025, multiple npm packages were compromised as part of a software supply chain attack after the accounts for official maintainers of the npm package manager were compromised.</p> <p>Appian has investigated this incident and, as of 09-10-2025, determined that it is not impacted as none of the affected package versions listed below are utilized. We will continue to monitor the situation and provide updates as appropriate.</p> <p>Updates<br />01-Dec-2025: Appian is continuously monitoring the exploited package list and determined to still not be impacted</p> <p>Supporting Documentation<br />https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html<br />https://www.upwind.io/feed/shai-hulud-2-npm-supply-chain-worm-attack<br />https://docs.mend.io/wsk/msc-customer-reference-sheet-24-nov-2025</p> <p>Investigated Package Versions<br />Appian has reviewed all currently known impacted packages<br />Affected Versions<br />This article applies to all supported versions of Appian.</p> <p><br />Last reviewed: Dec 3, 2025</p><div style="clear:both;"></div> https://community.appian.com/support/w/kb/3706/kb-2349-information-about-the-npm-software-supply-chain-attack-shai-hulud/revision/2Wed, 03 Dec 2025 20:21:59 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:ca1f867b-874a-4b9d-b0df-c72e1b34c84dKaushal Patelhttps://community.appian.com/support/w/kb/3706/kb-2349-information-about-the-npm-software-supply-chain-attack-shai-hulud#commentsRevision 2 posted to Appian Knowledge Base by Kaushal Patel on 12/3/2025 8:21:59 PM<br /> <p><span style="font-weight:400;">On 09-Sep-2025, multiple npm packages were compromised as part of a software supply chain attack after the accounts for official maintainers of the npm package manager were compromised.</span></p> <p><span style="font-weight:400;">Appian has investigated this incident and, as of 09-10-2025, determined that it is not impacted as none of the affected package versions listed below are utilized. We will continue to monitor the situation and provide updates as appropriate.</span></p> <h2><span>Updates</span></h2> <p><span>01-Dec-2025: Appian is continuously monitoring the exploited package list and determined to still not be impacted</span></p> <h2><span>Supporting Documentation</span></h2> <ul> <li style="font-weight:400;"><span style="font-weight:400;"><a id="" href="https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html">https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html</a><a href="https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html"></a></span></li> <li style="font-weight:400;"><a href="https://www.upwind.io/feed/shai-hulud-2-npm-supply-chain-worm-attack">https://www.upwind.io/feed/shai-hulud-2-npm-supply-chain-worm-attack</a></li> <li style="font-weight:400;"><a href="https://docs.mend.io/wsk/msc-customer-reference-sheet-24-nov-2025">https://docs.mend.io/wsk/msc-customer-reference-sheet-24-nov-2025</a></li> </ul> <h2><span></span></h2> <h2><span>Investigated Package Versions</span></h2> <ul> <li><span>Appian has reviewed all currently known impacted packages</span></li> </ul> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span></p> <h2><span style="font-weight:400;"></span></h2> <p><span style="font-weight:400;">Last reviewed:<span>&nbsp;Dec 3</span></span><span style="font-weight:400;">, 2025</span></p><div style="clear:both;"></div> https://community.appian.com/support/w/kb/3706/kb-2349-information-about-the-npm-software-supply-chain-attack-shai-hulud/revision/3Wed, 03 Dec 2025 20:21:59 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:ca1f867b-874a-4b9d-b0df-c72e1b34c84dAppian Communityhttps://community.appian.com/support/w/kb/3706/kb-2349-information-about-the-npm-software-supply-chain-attack-shai-hulud#commentsRevision 3 posted to Appian Knowledge Base by Appian Community on 12/3/2025 8:21:59 PM<br /> This content is under review.<div style="clear:both;"></div> https://community.appian.com/support/w/kb/3706/kb-2349-information-about-the-npm-software-supply-chain-attack-shai-hulud/revision/1Wed, 10 Sep 2025 21:44:35 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:ca1f867b-874a-4b9d-b0df-c72e1b34c84dpauline.delacruzhttps://community.appian.com/support/w/kb/3706/kb-2349-information-about-the-npm-software-supply-chain-attack-shai-hulud#commentsRevision 1 posted to Appian Knowledge Base by pauline.delacruz on 9/10/2025 9:44:35 PM<br /> <p><span style="font-weight:400;">On 09-Sep-2025, multiple npm packages were compromised as part of a software supply chain attack after the accounts for official maintainers of the npm package manager were compromised.</span></p> <p><span style="font-weight:400;">Appian has investigated this incident and, as of 09-10-2025, determined that it is not impacted as none of the affected package versions listed below are utilized. We will continue to monitor the situation and provide updates as appropriate.</span></p> <h2><span>Supporting Documentation</span></h2> <ul> <li style="font-weight:400;"><a href="https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html"><span style="font-weight:400;">https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html</span></a></li> </ul> <h2><span>Investigated Package Versions</span></h2> <ul> <li><span>Ansi-regex v6.2.1</span></li> <li><span>Ansi-styles v6.2.2</span></li> <li><span>Backslash v0.2.1</span></li> <li><span>Chalk v5.6.1</span></li> <li><span>Chalk-template v1.1.1</span></li> <li><span>Color-convert v3.1.1</span></li> <li><span>Color-name v2.0.1</span></li> <li><span>Color-string v2.1.1</span></li> <li><span>Debug v4.4.2</span></li> <li><span>Error-ex v1.3.3</span></li> <li><span>Has-ansi v6.0.1</span></li> <li><span>Is-arrayish v0.3.3</span></li> <li><span>Proto-tinker-wc v1.8.7</span></li> <li><span>Supports-hyperlinks v4.1.1</span></li> <li><span>Simple-swizzle v0.2.3</span></li> <li><span>Slice-ansi v7.1.1</span></li> <li><span>Strip-ansi v7.1.1</span></li> <li><span>Supports-color v10.2.1</span></li> <li><span>Wrap-ansi v9.0.1</span></li> <li><span>coveops/abi v2.0.1</span></li> <li><span>duckdb/duckdb-wasm v1.29.2</span></li> <li><span>duckdb/node-api v1.3.3</span></li> <li><span>duckdb/node-bindings v1.3.3</span></li> <li><span>Duckdb v1.3.3</span></li> <li><span>Prebid v10.9.1</span></li> <li><span>Prebid v10.9.2</span></li> <li><span>Prebid-universal-creative v1.17.3</span></li> </ul> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span></p> <h2><span style="font-weight:400;"></span></h2> <p><span style="font-weight:400;">Last reviewed: </span><span style="font-weight:400;">Sep 10, 2025</span></p><div style="clear:both;"></div>