Security Risks Emerge for n8n Workflow Automation Platform Following Malicious Package Attack


By Tina Reynolds


The popular n8n workflow automation platform is currently facing a rather severe security issue due to the integration of untrusted workflows. Things came to a head last week when eight toxic packages were found in the widely popular npm registry. These packages masqueraded as real integrations targeted at n8n. Malicious packages have targeted developers’ OAuth credentials since at least 2022. This quickly raises alarms, if not outright panic, about the integrity of workflow automation systems.

The most egregious example of a malicious package, “n8n-nodes-hfgjf-irtuinvcm-lasdqewriit,” mimics a Google Ads integration. Users attempting to connect their advertising accounts via this package will believe it to be authentic. In truth, it is designed to collect the user's OAuth tokens and transmit them to servers operated by the attackers. Unfortunately, this breach demonstrates a deep vulnerability in n8n: the platform itself lacks adequate sandboxing or isolation between code written as a node and the code that drives the runtime engine.

The Nature of the Attack

The attack vector has deepened considerably as a result of these malicious packages. The architecture of n8n makes community nodes very easy to install and run, and they operate with the same level of access as the platform itself. Because of this, these nodes are able to read environment variables, browse the local file system, and perform outbound network requests.

“Community nodes run with the same level of access as n8n itself. They can read environment variables, access the file system, make outbound network requests, and, most critically, receive decrypted API keys and OAuth tokens during workflow execution,” – Kiran Raj and Henrik Plate.

A single bad npm package is all it takes to penetrate a development pipeline, and once installed it can begin communicating with the outside world without raising alarms right away. This is especially pernicious because it creates a large liability for the individual developer and endangers teams that rely on n8n as their primary credential vault.

Ongoing Threats and Developer Recommendations

Even though these malicious packages were removed from npm, the threat is widespread and persistent. A new iteration of the malicious package, “n8n-nodes-gg-udhasudsh-hgjkhg-official,” reappeared only three hours ago. This implies that the harmful campaign is still in active operation and continues to target users. Developers still need to audit packages before installing them to avoid potential pitfalls.

Three npm users—“zabuza-momochi,” “dan_even_segler,” and “diendh”—have been associated with four other such libraries that remain available for download. This connection is alarming and suggests that the continued availability of harmful packages on the registry is an ongoing risk.

“The attack represents a new escalation in supply chain threats,” – Endor Labs.

These attacks highlight a dangerous trend in supply chain security. This is a particularly problematic concern for platforms that serve as centralized credential repositories.

Security Measures and Best Practices

In response to these findings, n8n has raised alerts about the security dangers of community nodes coming from npm. These nodes can introduce breaking changes or run destructive actions on the machines that n8n runs on. Developers are advised to check package metadata thoroughly for anything suspicious and to always use official n8n integrations where available.
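The metadata check recommended above can be partly automated. The following is an added example, not code from the article, from n8n or from Endor Labs: a heuristic audit that scores an npm package record on the signals a reviewer would look at before installing a community node (random-looking name segments, install-time lifecycle scripts, no repository to compare the source against, very recent publication, a single maintainer, and whether the node asks to receive credential types at all). The field names mirror what `npm view <pkg> --json` returns; the `n8n.credentials` block and the `n8n-community-node-package` keyword are assumed here to be how community node packages declare themselves. The two records are constructed samples, the first modelled on the package name the article cites, and `auditAll` returns the results rather than only printing them.

```javascript
// Added example: heuristic audit of npm package metadata for n8n community nodes.
// Not the article's or n8n's code. Sample records below are constructed.
// Assumption: community node packages carry an `n8n` block listing credential
// types and the keyword "n8n-community-node-package" in package.json.

const VOWELS = new Set(["a", "e", "i", "o", "u", "y"]);

// Longest run of consecutive consonants in a lowercase, letters-only string.
function longestConsonantRun(letters) {
  let best = 0;
  let run = 0;
  for (const ch of letters) {
    run = VOWELS.has(ch) ? 0 : run + 1;
    if (run > best) best = run;
  }
  return best;
}

// A name segment is "random-looking" if it has no vowels at all (4+ letters)
// or an unusually long consonant run. This is a heuristic, not proof.
function isGibberishSegment(segment) {
  const letters = segment.toLowerCase().replace(/[^a-z]/g, "");
  if (letters.length < 4) return false;
  const vowelCount = [...letters].filter((c) => VOWELS.has(c)).length;
  return vowelCount === 0 || longestConsonantRun(letters) >= 5;
}

function daysBetween(earlierIso, laterIso) {
  return (Date.parse(laterIso) - Date.parse(earlierIso)) / 86400000;
}

// Audit one package metadata record. `now` is injected so results are stable.
function auditPackage(meta, now) {
  const findings = []; // { reason, weight }
  const add = (reason, weight) => findings.push({ reason, weight });

  // Strip scope and the conventional n8n-nodes- prefix, then inspect each segment.
  const body = meta.name.replace(/^@[^/]+\//, "").replace(/^n8n-nodes-/, "");
  const odd = body.split("-").filter(Boolean).filter(isGibberishSegment);
  if (odd.length) add(`random-looking name segments: ${odd.join(", ")}`, 2);

  // Lifecycle scripts execute on `npm install`, before any node code is reviewed.
  const scripts = meta.scripts || {};
  for (const hook of ["preinstall", "install", "postinstall"]) {
    if (scripts[hook]) add(`runs a script at install time (${hook}): ${scripts[hook]}`, 3);
  }

  if (!meta.repository) add("no repository URL to review the source against", 1);

  const keywords = meta.keywords || [];
  if (!keywords.includes("n8n-community-node-package")) add("missing n8n community-node keyword", 1);

  const created = meta.time && meta.time.created;
  if (created && daysBetween(created, now) < 30) add("published less than 30 days ago", 1);

  if ((meta.maintainers || []).length <= 1) add("single maintainer", 1);

  // Credential types declared here are handed to the node decrypted at run time.
  const creds = (meta.n8n && meta.n8n.credentials) || [];
  if (creds.length) add(`declares credential types: ${creds.join(", ")}`, 1);

  const score = findings.reduce((sum, f) => sum + f.weight, 0);
  const risk = score >= 5 ? "high" : score >= 2 ? "medium" : "low";
  return { name: meta.name, score, risk, findings: findings.map((f) => f.reason) };
}

const NOW = "2026-01-20T00:00:00Z"; // constructed reference time

const SAMPLES = [
  {
    // Constructed record modelled on the package name the article cites.
    name: "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit",
    version: "1.0.3",
    keywords: ["n8n-community-node-package"],
    scripts: { postinstall: "node scripts/setup.js" },
    maintainers: [{ name: "constructed-user" }],
    time: { created: "2026-01-18T09:12:00Z" },
    n8n: { credentials: ["dist/credentials/GoogleAdsApi.credentials.js"] },
  },
  {
    // Constructed record for a plausible, well-formed community node.
    name: "n8n-nodes-acme-crm",
    version: "2.4.1",
    keywords: ["n8n-community-node-package", "crm"],
    repository: { type: "git", url: "https://example.com/acme/n8n-nodes-acme-crm" },
    maintainers: [{ name: "maintainer-a" }, { name: "maintainer-b" }],
    time: { created: "2024-06-01T00:00:00Z" },
    n8n: { credentials: ["dist/credentials/AcmeCrmApi.credentials.js"] },
  },
];

function auditAll(samples = SAMPLES, now = NOW) {
  return samples.map((meta) => auditPackage(meta, now));
}

for (const result of auditAll()) {
  console.log(`${result.name}: ${result.risk} (score ${result.score})`);
  for (const reason of result.findings) console.log(`  - ${reason}`);
}
```

The weights favour install-time scripts because they run before anyone has looked at the node's code; the name heuristic deliberately tolerates some false positives (a legitimate name with a long consonant cluster only adds two points) so that no single signal decides the outcome. A real review still reads the node source, since metadata cannot show where a node sends the tokens it receives.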

To further enhance security, Kiran Raj and Henrik Plate emphasize that vigilance is key. “Because of this, a single malicious npm package is enough to gain deep visibility into workflows, steal credentials, and communicate externally without raising immediate suspicion.”