Lessons from the Gluestack Supply Chain Attack
- Giuliana Bruni

- Sep 26

On 6 June 2025, the npm ecosystem was struck by a significant supply chain attack that compromised 17 packages from the Gluestack and @react-native-aria collections. With a combined total of more than one million weekly downloads, these libraries were relied upon by developers and enterprises worldwide. The incident was a sharp reminder of how fragile the trust model underpinning open source can be.
The injected code was not obvious. Discovered by Aikido Security, the attack embedded a remote access trojan (RAT) designed to give attackers persistent control over developer machines. By blending into legitimate files, it quietly turned a set of trusted packages into potential entry points for widespread compromise.
The compromise began late on Friday, 6 June. At 4:33 PM EST, a malicious version of @react-native-aria/focus was published, followed within 24 hours by 16 additional packages including @react-native-aria/button, @react-native-aria/interactions and @gluestack-ui/utils. Aikido quickly identified the issue and reported it to npm and maintainers. By 8 June, Gluestack had revoked the stolen access token and deprecated the affected releases.
Because many projects relied on floating version ranges, automated tools fetched the “latest” versions by default. By the time the alarm was raised, it was already too late. The compromised versions had been marked as deprecated, but they could not be unpublished due to dependency constraints, leaving malicious code in circulation.
The payload was carefully concealed. Attackers appended code to the end of lib/index.js, burying it beneath large blocks of whitespace to push it out of view in common code editors. Once executed, the RAT connected back to command-and-control servers and could change directories, upload and download files, and run arbitrary shell commands.
On Windows systems, it also hijacked Python by altering the PATH environment variable. This ensured the malware could intercept normal python or pip calls and remain active even after an update.
Incidents like Gluestack’s show how attackers exploit both technical gaps and human trust. The malware was hidden with simple obfuscation, but what gave it reach was the widespread practice of accepting the “latest” package by default.
The lessons are clear:
- Treat your SBOM as a live inventory, not a compliance formality. It is the only way to know if a backdoored version entered your builds.
- Monitor dependencies continuously. An enriched SBOM can flag suspicious updates, obfuscated code or unexpected scripts.
- Build proactive scanning into CI pipelines. Tools such as SCANOSS detect undeclared or anomalous code by comparing against a global knowledge base.
- Apply basic hygiene. Lock versions, enable multi-factor authentication for registry accounts and watch for unexpected package releases.
Supply chain attacks will not disappear. They thrive because open source ecosystems are collaborative and fast-moving. The Gluestack case is a reminder that prevention is always more effective than clean-up. The real defence is to treat your SBOM as a strategic asset and integrate scanning into every build.
Contact the SCANOSS team to learn how our SBOM and scanning solutions can help safeguard your software supply chain.
Timeline of the Gluestack Attack
- 6 June 2025, 4:33 PM EST – Malicious version of @react-native-aria/focus (0.2.10) published.
- 6–7 June 2025 – Sixteen more packages compromised, including @react-native-aria/button and @gluestack-ui/utils.
- 8 June 2025 – Aikido Security confirmed the backdoor. Gluestack revoked the stolen npm token and deprecated all affected versions.
- Aftermath – Malicious versions remained on npm due to dependency rules, leaving projects with floating versions vulnerable.