Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. The threat is ongoing, and it can be self-propagating, as seen in attacks like the “mini Shai Hulud” campaigns.

That pattern should change how security teams think about the software supply chain.

Traditionally, security focused on shared systems like source code repositories, CI/CD platforms, artifact registries, package managers, and cloud environments. The goal was to protect production workloads and data. We absolutely still need to focus on these areas, but it is an incomplete picture. 

Modern software delivery begins before code reaches Git. It begins on the developer workstation, where code is written, dependencies are installed, credentials are tested, AI assistants are prompted, containers are built, and trusted actions begin.

Developer workstations are a real part of the software supply chain. Treating them as ‘just’ ordinary endpoints leaves gaps among endpoint security, identity security, application security, and supply chain governance.

Supply Chain Attacks Have Become Credential-Harvesting Operations

Recent incidents keep pointing to the same operational truth. Attackers may use poisoned packages, compromised images, dependency bots, malicious workflows, or vulnerable developer tools, but the recurring objective is access.

Events like the TeamPCP and Shai-Hulud campaigns show how supply chain attacks increasingly converge around credential theft. In the TeamPCP campaign, attackers used compromised packages and developer tooling to harvest tokens, cloud credentials, SSH keys, npm configuration files, and environment variables. 

Shai-Hulud pushed the same pattern even further, turning infected developer environments into credential collection points that exposed thousands of secrets across GitHub, cloud services, package registries, and internal systems.

That is not just software tampering. It is credential collection at the points where developers and automation already hold trust.

The supply chain is exposed when attackers gain access to credentials and context that allow them to alter, publish, build, deploy, or impersonate trusted software systems. Packages altered and published in a modern supply chain attack remain live for hours, while automation tools merge malicious updates in minutes. 

The common thread across many of the recent attacks has been secrets, either as an initial access vector or as the target of collection.
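
To make that exposure measurable on a single workstation, here is an added example (not code from the original article) that inventories where the secret types named above sit in plaintext: .env files, npm configuration files, shell history, and SSH private keys stored without a passphrase. The file names, key-name patterns, and skipped directories are assumptions; it reports locations only and never returns secret values.

```python
import base64, binascii, re, struct
from pathlib import Path

# Assumed heuristics: key names containing these words, followed by a literal value.
# The lookahead skips ${VAR} references, which point at a secret rather than hold one.
SECRET_RE = re.compile(r"(?i)(token|secret|passw(or)?d|api[_-]?key)\w*\s*[=:]\s*(?!\$\{)\S{8,}")
SKIP_DIRS = {"node_modules", ".git", ".venv"}
MAGIC = b"openssh-key-v1\0"

def ssh_key_unencrypted(text):
    """True if text is a private key stored without passphrase protection."""
    if "PRIVATE KEY-----" not in text:
        return False
    if "BEGIN OPENSSH PRIVATE KEY" in text:
        body = "".join(l for l in text.splitlines() if not l.startswith("-----"))
        try:
            blob = base64.b64decode(body)
            (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        except (binascii.Error, struct.error):
            return False
        # The cipher name is the first length-prefixed string after the magic.
        return blob.startswith(MAGIC) and blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] == b"none"
    # Legacy PEM carries "Proc-Type: 4,ENCRYPTED"; PKCS#8 uses "ENCRYPTED PRIVATE KEY".
    return "ENCRYPTED" not in text

def audit_home(home):
    """Return sorted (kind, relative path) findings; secret values are never returned."""
    home, findings = Path(home), set()
    for path in home.rglob("*"):
        rel = path.relative_to(home)
        if not path.is_file() or SKIP_DIRS & set(rel.parts):
            continue
        try:
            with path.open(encoding="utf-8", errors="replace") as fh:
                text = fh.read(65536)  # the first 64 KiB is enough for these file types
        except OSError:
            continue
        name = path.name
        if name == ".env" or name.startswith(".env."):
            kind = "env-file-secret" if SECRET_RE.search(text) else None
        elif name == ".npmrc":
            kind = "npm-token" if SECRET_RE.search(text) else None
        elif name.endswith("_history"):
            kind = "history-secret" if SECRET_RE.search(text) else None
        else:
            kind = "ssh-key-no-passphrase" if ssh_key_unencrypted(text) else None
        if kind:
            findings.add((kind, rel.as_posix()))
    return sorted(findings)
```

Calling `audit_home(Path.home())` returns a list of `(kind, path)` pairs that can feed an endpoint inventory or a rotation ticket.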

The Attacker Path Now Runs Through Developer-Side Context

The developer workstation is valuable because it concentrates context. It often contains local repositories, .env files, shell history, SSH keys, package…



Last Update: May 18, 2026