"Recommendation of Introducing pnpm as a Ransomware Countermeasure" - I gave a presentation with this title at the Clasmeths Sapporo IT Study Group (tentative) #cm_sapporo_study
This page has been translated by machine translation. View original
I'm Ishikawa from the Consulting Department, Cloud Business Division. I gave a presentation titled "Recommendation for pnpm Implementation as a Ransomware Countermeasure" at "Kurameso Sapporo IT Study Group (tentative) #12" held on February 10, 2026. This article delivers the presentation content in blog format.
Presentation Materials
Introduction
You might be wondering, "Why does a package manager have anything to do with security?"
However, the npm install command that we use without thinking is actually one of the entry points for "supply chain attacks" that can put an entire organization at risk. npm commands are essential in development environments, whether using generative AI model APIs, calling MCPs, or deploying with AWS CDK. That's why we need to properly understand the risks involved.
Using threats like "Shai-Hulud" and "PhantomRaven" that emerged in 2025 as examples, I explained why migrating to "pnpm" is now the strongest defense strategy.
Ransomware and Supply Chain Attacks
What is Ransomware?
Ransomware is malicious software that holds computers or data "hostage" and demands a ransom.
Infection occurs by opening cleverly disguised email attachments or browsing compromised websites, encrypting important files like photos, documents, and videos without the user's knowledge. A warning message appears on screen saying "Pay in Bitcoin by the specified deadline if you want your files back."
Recently, "double extortion" has become mainstream. Beyond just locking data, attackers threaten to "publish stolen confidential data online if you don't pay."
Supply Chain Attacks
A ransomware supply chain attack doesn't target companies directly. Instead, it uses business partners or contractors (the weak links in the supply chain) as "stepping stones" to ultimately infect the target or the entire related organization with ransomware.
Since breaking through the strong security of large companies head-on is difficult, targeting related companies or system management companies with relatively weaker security has become the recent trend.
npm as a Ransomware Target
What is npm?
npm (Node Package Manager) is the standard package manager for Node.js, a JavaScript runtime environment. It's a mechanism for installing, updating, and deleting libraries and frameworks stored in a public database called the Registry via npm commands.
Beyond simply retrieving packages, it automatically resolves compatibility with other libraries that each package depends on, and records dependencies for each project in a metadata file called package.json to ensure reproducibility across different development environments.
Shai-Hulud and PhantomRaven Emerged in 2025
In 2025, supply chain attacks targeting the npm ecosystem became prominent.
Shai-Hulud is a threat that steals npm tokens and automatically spreads like a worm (self-propagating). It exploits postinstall scripts to automatically inject and publish malicious code into legitimate packages managed by victims using stolen npm tokens, spreading exponentially without attacker intervention.
PhantomRaven is a threat that evades security scans (Remote Dynamic Dependencies). It publishes seemingly harmless code (like hello world scripts) to npm, but dynamically fetches dependencies via HTTP URLs from the attacker's server. Since npm registry and security scanners don't track these URLs, they show "0 dependencies," thus evading detection.
npm's Structural Vulnerabilities
npm has a longstanding "convenient but dangerous" mechanism called "automatic execution of lifecycle scripts."
npm packages can configure scripts (like postinstall) that run immediately after installation. Though originally intended to automate environment setup like compiling native modules, attackers exploit this. When developers run npm install, modules can be downloaded or malicious code executed in the background without their knowledge.
Why npm Tokens are Targeted
Attackers aim for developers' npm tokens.
These tokens are "master keys" that can publish or update packages, bypassing passwords and two-factor authentication (2FA). If stolen, they can be used to inject viruses into existing trusted packages, turning them into platforms to distribute ransomware to hundreds of thousands of users worldwide.
Implementing pnpm
What is pnpm?
pnpm (Performant npm) is a fast and efficient package manager for Node.js. Main differences from npm include:
- Disk efficiency: Shares a global store, eliminating duplicate installations
- Installation speed: Faster because it only links packages already in the store
- Strict node_modules structure: Uses symbolic link-based structure rather than flat, preventing implicit access (phantom dependencies) to packages not declared in
package.json - Monorepo support: Rich workspace functionality, strong for monorepo management
Why pnpm Counters Ransomware
pnpm isn't just a "faster npm." Its design philosophy is security-first.
While npm automatically executes all scripts, pnpm is different. It uses a whitelist approach to block installation scripts except from trusted packages. Even if malicious packages slip in, it prevents their "execution," thus preemptively preventing PhantomRaven and Shai-Hulud damage.
Additionally, pnpm's minimumReleaseAge setting can prevent installation of packages that haven't been released for a certain period of time.
How to Install pnpm
Here's how to install without using npm:
macOS: Using Homebrew (recommended)
brew install pnpm
macOS / Linux: Using installation script
curl -fsSL https://get.pnpm.io/install.sh | sh -
Windows (PowerShell): Using installation script (recommended)
iwr https://get.pnpm.io/install.ps1 -useb | iex
Disabling npm Commands with Timed Release (macOS)
During the transition period, you can set up npm and npx to be non-executable in your .zshrc, with a mechanism to "temporarily release" them when needed.
macOS .zshrc configuration example
alias npx='echo "WARNING: Please do not run npx" && false'
alias npm='echo "WARNING: Please do not run npm" && false'
# Function to unlock npm/npx for one hour
function unlock-npm() {
unalias npm npx
# Date calculation for macOS. For Linux, replace with $(date -d "+1 hour" ...)
local limit=$(date -v+1H "+%Y/%m/%d %H:%M")
echo "${limit} until npm/npx restriction is lifted."
# Automatically execute source after one hour
sched +01:00 "source ~/.zshrc && echo '\a\n1 hour has passed, npm/npx are sealed again.'"
}
macOS .zshrc execution example
With the above script configured, npm and npx commands can't be executed, but running the unlock-npm command enables them for one hour only. This command applies only to that session and doesn't affect other executions.
% npm --version
WARNING: Please do not run npm
% unlock-npm
2026/02/11 17:35 until npm/npx restriction is lifted.
% npm --version
10.8.1
%
1 hour has passed, npm/npx are sealed again.
% npm --version
WARNING: Please do not run npm
Migrating from npm to pnpm
Replace npm commands with pnpm commands. Explicitly whitelist packages in package.json and only allow what's truly necessary (esbuild, sharp, etc.) to execute. If unlisted packages try to run, pnpm stops and warns the user. Viruses that don't execute can't cause harm.
package.json configuration example:
{
"pnpm": {
"onlyBuiltDependencies": [
"esbuild",
"sharp"
]
}
}
Migrating from npx to pnpm dlx
For temporary tool execution, use pnpm dlx instead of npx.
While npx is very convenient, it automatically runs lifecycle scripts without confirmation, which PhantomRaven exploits. With pnpm dlx, the postinstall script of the target package itself is allowed by default, but lifecycle scripts of its dependencies are blocked. This prevents execution of malicious scripts hiding deep in the dependency tree.
Summary
In this presentation, I recommended three countermeasures:
- npm tokens are most important - don't leave them as plaintext in
.npmrcand restrict execution permissions. - Implement pnpm and make script execution permission-based.
- Recognize the risk that "installation alone can cause damage".
While security often trades off with convenience, pnpm offers both speed and safety. To protect yourself and your clients, please consider migrating to pnpm.