Skip to content
BriefingsRSS · DSI
Trust Doesn't Scale: Why 700 Poisoned GitHub Repos Made NIS2 Compliance Non-Negotiable
Threat AssessmentMay 23, 202622 min read

Trust Doesn't Scale: Why 700 Poisoned GitHub Repos Made NIS2 Compliance Non-Negotiable

Somewhere in Europe, this week, a developer cloned DevDojo Wave to bootstrap a new Laravel project. Twenty seconds later, /tmp/.sshd was running in the background — masquerading as a system daemon, downloaded from a compromised GitHub repository. The developer did not know they had installed malware. Neither did 9,100 other installations. This briefing examines the 700-repo compromise, the structural pattern across eight years of GitHub supply chain attacks, the alternatives operators are starting to consider, and what AI-driven defence can and cannot do about it.

~36 min

Executive Summary

The May 2026 compromise of 700+ GitHub repositories — including DevDojo Wave (6,400 stars) and DevDojo Genesis (9,100 installs), the Laravel templates thousands of developers clone to bootstrap new projects — is not an outlier. It is the latest expression of an eight-year pattern in which the world's largest code-hosting platform serves as the multiplier for compromised maintainer accounts, weaponised trust signals, and cross-ecosystem misdirection. The attack itself was elegant: malicious script hidden in package.json rather than composer.json, so PHP developers reviewing dependencies never saw it. The payload — /tmp/.sshd downloaded via curl -skL and chmod'd to execute in the background — masqueraded as a system daemon.

This is the exact attack pattern NIS2 Article 21 was designed to address, and exactly why voluntary supply chain security has reached its structural ceiling. Banks, energy operators, and digital service providers across the European single market are now legally obliged to do what the open-source ecosystem has been hoping someone else would do for years: produce evidence-grade controls over dependencies, generate software bills of materials, scan against known vulnerabilities, and report significant incidents on the Article 23 cadence (24-hour early warning, 72-hour notification, one-month final report).

This briefing examines four questions. What happened in the May 2026 incident, technically? Why has GitHub specifically become the recurring frontier — and what is the eight-year incident pattern telling us? What alternatives are NIS2-regulated organisations starting to consider? And what can AI-driven defence actually do about supply chain risk, given the same AI capability is now being weaponised by attackers?

Stakeholder action map

Stakeholder Priority signal Action this quarter
CISO / Head of Application Security Cross-ecosystem audit blind spots; PR-level reviewers do not catch package.json-in-PHP-project payloads Deploy behavioural SCA (Socket.dev or Phylum-class) at install time; pin lockfiles; quarantine auto-update tags
Head of Platform / DevSecOps GitHub Actions and third-party runners hold every CI/CD secret you have Treat the CI runner as a hostile environment; rotate PATs; move secrets to OIDC short-lived tokens; mirror dependencies through an internal Nexus / Artifactory
Board / Risk Committee NIS2 transposition is live across the EU; supply chain security is no longer optional for essential entities Approve the SBOM / supply-chain-security programme as a board-level item; require quarterly evidence, not assurance memos
Procurement / Vendor Risk Cyber Resilience Act applicable late 2027; OT and software products will ship CE evidence of secure development Require CRA-equivalent vendor evidence — SBOM, vulnerability handling policy, 24-hour exploited-vulnerability notification — in all software RFPs
Regulator / Supervisory Authority Attestation patterns dominate; queryable evidence is rare Move audit cadence to evidence-grade; align supervision with NIS2 Article 23 reporting cadence

The Invisible Infection

Somewhere in Europe, probably this week, a backend developer cloned DevDojo Wave to bootstrap a new Laravel project. Standard workflow: composer install, wait for dependencies to resolve, grab coffee while the package manager does its thing. Twenty seconds later, /tmp/.sshd was running silently in the background. Not a typo. Not a legitimate SSH daemon. A backdoor with remote-access capabilities, downloaded from a compromised GitHub repository, hidden in plain sight with a name designed to blend into standard Linux process listings.

That developer did not know they had just installed malware. Neither did their company's security team. Neither did the 9,100 other installations of DevDojo Genesis that pulled the same poisoned dependency tree. The Packagist registry removed the malicious packages once the campaign was disclosed, but the source GitHub repositories continued to serve poisoned content under auto-update version tags — dev-main, dev-master, 3.x-dev — which resolve to the latest commit and reinfect any downstream composer update that runs against the still-compromised source.

This is the supply chain attack pattern that just hit 700+ GitHub repositories simultaneously. It is the scenario that makes NIS2 compliance not regulatory burden but structural necessity. And it is one node in a recurring pattern that has been visible since at least 2018.

Anatomy of the Attack

The technical mechanics are straightforward enough to fit on a single page. The architectural lesson is harder to dismiss:

Five-step supply chain attack diagram showing payload hidden in package.json (not composer.json), curl -skL silent fetch, drop to /tmp/.sshd masquerading as SSH daemon, chmod +x and detached execution, and persistent foothold inside dev / CI / prod environments
Each ecosystem audits its own config. The attacker sat in the config nobody was looking at.

Step 1 — Cross-ecosystem misdirection. The malicious script was placed in package.json, the JavaScript / Node.js configuration file. The victim repositories were PHP / Laravel projects, where developers reviewing dependencies audit composer.json. The two files are read by different package managers but live in the same repository. A PHP developer running a one-eye review pass at PR time sees a clean composer.json and approves the change. The payload sits in the file they did not open.

Step 2 — Silent fetch. The script invoked curl -skL [URL]. The flags matter: -s suppresses progress and most warnings, -k skips TLS certificate verification, -L follows redirects. Combined, they produce a download that is invisible in the install log and tolerant of mid-route certificate manipulation. Defenders looking at a successful composer install output see no anomaly.

Step 3 — Masquerade drop. The fetched binary was written to /tmp/.sshd. The leading dot hides the file from a default ls listing. The name mimics the OpenSSH daemon, so a process listing including sshd entries does not immediately surface the imposter. The file lives in /tmp, which is world-writeable, requires no privilege escalation, and survives across user sessions on most Linux distributions.

Step 4 — Execute and detach. The script set the execute bit (chmod +x /tmp/.sshd), launched the binary into the background (& suffix), and returned a zero exit code to the installer. Composer reported success. The CI/CD pipeline moved to the next step. The developer's coffee was still warm.

Step 5 — Persistent foothold. Every composer install across the dependency chain reinstalled the same payload. Every clone of a DevDojo Wave or Genesis template carried the chain into a new environment. Production deployments inherited the foothold from staging; staging inherited it from CI; CI inherited it from the developer's machine. Auto-update version tags (dev-main, dev-master, 3.x-dev) resolve to the latest commit on a branch — so the cleanup that removed the malicious packages from Packagist did not, by itself, stop further infections from the source repositories on GitHub.

DSI Advisory

Need intelligence like this on a decision you're facing?

DSI Advisory Services helps boards, business leaders, defence institutions, and security leaders understand threats before they reach the horizon — where cyber, geopolitics, and business risk converge.

Commission a bespoke intelligence productExplore advisory