
SAP npm Supply Chain Attack — enosix Applications Not Affected

On April 29, 2026, Aikido Security disclosed an active supply chain attack targeting SAP developers. Four SAP npm packages were compromised with credential-stealing malware — specifically @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt.

enosix applications and systems are not affected.

enosix products are built on Salesforce, TypeScript, React, and LWC. We do not use SAP CAP or MTA Build tooling anywhere in our codebase. We confirmed this with a full scan of all repositories in our GitHub organization — none of the affected packages appear in any form, and no indicators of compromise were found in our code, CI pipelines, or internal npm registry.
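As an added illustration (not enosix's scanner and not code from the Aikido advisory), a dependency check of the kind described above can be sketched in JavaScript. It matches only the four package names from this notice, since no affected versions are listed here; the function names, sample manifest, sample lockfile, and version strings are constructed for the example.

```javascript
// Package names listed in this notice as compromised (names only; no versions are given here).
const AFFECTED = new Set(["@cap-js/sqlite", "@cap-js/postgres", "@cap-js/db-service", "mbt"]);
const MANIFEST_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Direct references in a parsed package.json, including "alias": "npm:<real-name>@<range>" specs.
function scanManifest(manifest) {
  const hits = [];
  for (const field of MANIFEST_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const alias = /^npm:((?:@[^/]+\/)?[^@]+)/.exec(String(spec));
      const real = alias ? alias[1] : name;
      if (AFFECTED.has(real)) hits.push({ name: real, where: field, version: String(spec) });
    }
  }
  return hits;
}

// Direct and transitive entries in a parsed package-lock.json.
function scanLockfile(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = entry.name || path.split("node_modules/").pop();
    if (AFFECTED.has(name)) hits.push({ name, where: path, version: entry.version });
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists, to avoid duplicates).
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (AFFECTED.has(name)) hits.push({ name, where: here.join(" > "), version: entry.version });
      walk(entry.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample inputs; the version strings are placeholders, not real releases.
const sampleManifest = {
  dependencies: { react: "^18.0.0", "build-tool": "npm:mbt@0.0.0-example" },
  devDependencies: { "@cap-js/sqlite": "0.0.0-example" },
};
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/some-plugin/node_modules/@cap-js/db-service": { version: "0.0.0-example" },
} };
console.log(scanManifest(sampleManifest));
console.log(scanLockfile(sampleLock));
```

Call the two functions with `JSON.parse` of each `package.json` and `package-lock.json` found in a checkout; an empty result for every file means none of the four names is declared or resolved there.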

If you have questions or concerns, please reach out to the enosix team.

For the full technical write-up of this attack, see the Aikido Security advisory.