In July 2025, prominent freelance talent platform Toptal grappled with a significant software supply chain breach after unknown threat actors penetrated its GitHub organization account. The repercussions of the attack extended far beyond source code exposure, as adversaries leveraged their privileged access to inject malicious components into the open-source ecosystem via the npm registry.
Upon gaining access, attackers made all 73 of Toptal’s code repositories publicly available on GitHub, thereby exposing private intellectual property and operational projects. But their most damaging maneuver involved modifying a selection of Toptal’s widely used internal developer toolkits—specifically, packages associated with the Picasso design system. These tampered libraries were then published to npm, masquerading as official updates to unsuspecting downstream users.
The attack saw a total of 10 compromised npm packages published under Toptal’s namespace, including:
- @toptal/picasso-tailwind
- @toptal/picasso-charts
- @toptal/picasso-shared
- @toptal/picasso-provider
- @toptal/picasso-select
- @toptal/picasso-quote
- @toptal/picasso-forms
- @xene/core
- @toptal/picasso-utils
- @toptal/picasso-typograph
Prior to detection and removal, these packages were collectively downloaded approximately 5,000 times.
The malicious code resided in the packages’ lifecycle scripts: preinstall and postinstall directives embedded in their package.json files. Upon installation, the scripts executed a two-stage payload: first stealing any discovered GitHub authentication tokens from the developer’s environment and exfiltrating them through an attacker-controlled webhook, then attempting to irretrievably wipe the developer’s file system. On Unix systems, the destructive sequence involved the notorious command sudo rm -rf --no-preserve-root /; Windows systems received an equivalent recursive delete operation (rm /s /q).
Toptal responded by deprecating all compromised package versions on npm and restoring previously safe versions to the public registry. Security researchers investigating the incident noted that the original vector used to compromise Toptal’s GitHub organization remains undetermined. Theories include credential theft through phishing, exploitation of previously documented npm or repository management vulnerabilities, or a possible insider threat.
Despite the gravity of the incident, Toptal initially did not issue a public advisory, leaving the cybersecurity community and affected users to rely on reports from security research firms. These organizations warned all users who had installed or referenced the tainted packages to act immediately: uninstall any affected libraries and rotate potentially exposed GitHub credentials without delay.
The Toptal intrusion stands out as one of the most destructive and visible examples of a software supply chain attack targeting both source code and package distribution channels. Its tactics demonstrate the increasing sophistication of adversaries and the critical importance of proactive dependency auditing, scrutiny of lifecycle scripts within packages, and robust security controls governing publishing rights and repository access across open source ecosystems.