On April 29, 2026, four malicious open-source package versions were distributed into the NPM ecosystem. These malicious versions appear to exfiltrate information, such as credentials, and attempt to propagate into downstream software packages as well as adjacent software repositories when installed on a system.
If you are uncertain whether your systems have been affected, act promptly. Begin by following the mitigation steps outlined below; taking these actions quickly will help protect your systems and data from potential risks.
Other Terms
- MBT
- NPM
- CAP
- SAP Cloud Application Programming Model
- MTA Build Tool
List of compromised NPM package versions:
- @cap-js/sqlite – v2.2.2
- @cap-js/postgres – v2.2.2
- @cap-js/db-service – v2.10.1
- mbt@1.2.48
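A lockfile check for the four versions listed above, as an added example that is not part of the original advisory or of SAP's guidance. It assumes an npm `package-lock.json` (lockfile v1 to v3); `findCompromised`, `SAMPLE_LOCK` and the script name `check-lock.js` are names chosen here, and the sample lockfile is constructed.

```javascript
// Compromised name/version pairs, copied from the list above.
const COMPROMISED = new Map([
  ["@cap-js/sqlite", ["2.2.2"]],
  ["@cap-js/postgres", ["2.2.2"]],
  ["@cap-js/db-service", ["2.10.1"]],
  ["mbt", ["1.2.48"]],
]);
const isListed = (name, version) => (COMPROMISED.get(name) || []).includes(version);

// Lockfile v2/v3: flat "packages" map keyed by install path; "" is the root project.
function scanPackages(packages, hits) {
  for (const [path, meta] of Object.entries(packages)) {
    const i = path.lastIndexOf("node_modules/");
    if (i === -1) continue; // root project or workspace folder, not an installed package
    const name = meta.name || path.slice(i + "node_modules/".length);
    if (isListed(name, meta.version)) hits.push({ name, version: meta.version, path });
  }
}

// Lockfile v1: nested "dependencies" tree, walked recursively.
function scanDependencies(deps, trail, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = trail ? `${trail} > ${name}` : name;
    if (isListed(name, meta.version)) hits.push({ name, version: meta.version, path });
    scanDependencies(meta.dependencies, path, hits);
  }
}

// Lockfile v2 carries both maps; prefer "packages" so nothing is counted twice.
function findCompromised(lock) {
  const hits = [];
  if (lock.packages) scanPackages(lock.packages, hits);
  else scanDependencies(lock.dependencies, "", hits);
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/@cap-js/sqlite": { version: "2.2.2" },
  "node_modules/@cap-js/db-service": { version: "2.10.0" },
  "node_modules/build-helper/node_modules/mbt": { version: "1.2.48" },
} };

// Usage: node check-lock.js package-lock.json   (no argument: scan the sample)
const file = process.argv.slice(2).find((a) => a.endsWith(".json"));
const report = (hits) => hits.forEach((h) => console.log(`LISTED ${h.name}@${h.version} at ${h.path}`));
if (file) import("node:fs").then((fs) => report(findCompromised(JSON.parse(fs.readFileSync(file, "utf8")))));
else report(findCompromised(SAMPLE_LOCK));
```

A clean result only covers what the lockfile currently pins; it does not show whether a listed version was installed on the machine at an earlier point.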
Solution
If you have identified that you may be affected, perform the measures described in the SAP Note below:
https://me.sap.com/notes/0003747787
SAP Support Ticket Component: BC-XS-CDX-NJS
Potential references:
- https://www.aikido.dev/blog/mini-shai-hulud-has-appeared
- https://www.stepsecurity.io/blog/a-mini-shai-hulud-has-appeared
- https://www.mend.io/blog/shai-hulud-sap-cap-supply-chain-attack-claude-code/
- https://onapsis.com/blog/sap-cap-mini-shai-hulud-supply-chain-attack/
- https://snyk.io/de/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/