Acquia incident

NPM Package manager related product impact

Critical, Resolved

Acquia experienced a critical incident on September 16, 2025 affecting Cloud IDE, Acquia Cloud CD Pipelines, and Acquia Code Studio, lasting 1d 1h. The incident has been resolved; the full update timeline is below.

Started: Sep 16, 2025, 05:31 PM UTC
Resolved: Sep 17, 2025, 07:23 PM UTC
Duration: 1d 1h
Detected by Pingoru: Sep 16, 2025, 05:31 PM UTC

Affected components

Cloud IDE, Acquia Cloud CD Pipelines, Acquia Code Studio

Update timeline

  1. investigating Sep 16, 2025, 05:31 PM UTC

    Acquia is aware of an ongoing security situation impacting NPM Package manager. More details on this evolving situation can be found here: https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages

    Acquia is taking action to temporarily disable workflows in Acquia Products which depend on NPM Package Manager. This includes Acquia Pipelines, Acquia Code Studio, and Cloud IDE. We will provide additional updates as we have more information.

  2. investigating Sep 16, 2025, 06:05 PM UTC

    Acquia is continuing to actively address the security situation impacting the NPM Package Manager. As a precaution, workflows in Acquia Products that rely on NPM Package Manager—including Acquia Pipelines, Acquia Code Studio, and Cloud IDE—remain temporarily disabled. Our teams are still working on this, and we will provide additional updates as soon as more information becomes available. Thank you for your continued patience and understanding.

  3. investigating Sep 16, 2025, 06:35 PM UTC

    Acquia is continuing to actively address the security situation impacting the NPM Package Manager. As a precaution, workflows in Acquia Products that rely on NPM Package Manager—including Acquia Pipelines, Acquia Code Studio, and Cloud IDE—remain temporarily disabled. Our teams are still working on this, and we will provide additional updates as soon as more information becomes available. Thank you for your continued patience and understanding.

  4. investigating Sep 16, 2025, 07:04 PM UTC

    Acquia is continuing to actively address the security situation impacting the NPM Package Manager. As a precaution, workflows in Acquia Products that rely on NPM Package Manager—including Acquia Pipelines, Acquia Code Studio, and Cloud IDE—remain temporarily disabled. Our teams are still working on this, and we will provide additional updates as soon as more information becomes available. Thank you for your continued patience and understanding.

  5. investigating Sep 16, 2025, 07:36 PM UTC

    Acquia is continuing to actively address the security situation impacting the NPM Package Manager. As a precaution, workflows in Acquia Products that rely on NPM Package Manager—including Acquia Pipelines, Acquia Code Studio, and Cloud IDE—remain temporarily disabled. Our teams are still working on this, and we will provide additional updates as soon as more information becomes available. Thank you for your continued patience and understanding.

  6. investigating Sep 16, 2025, 08:15 PM UTC

    Acquia is continuing to actively address the security situation impacting the NPM Package Manager. As a precaution, workflows in Acquia Products that rely on NPM Package Manager—including Acquia Pipelines, Acquia Code Studio, and Cloud IDE—remain temporarily disabled. Our teams are still working on this, and we will provide additional updates as soon as more information becomes available. Thank you for your continued patience and understanding.

  7. investigating Sep 16, 2025, 08:34 PM UTC

    Acquia is continuing to actively address the security situation impacting the NPM Package Manager. As a precaution, workflows in Acquia Products that rely on NPM Package Manager—including Acquia Pipelines, Acquia Code Studio, and Cloud IDE—remain temporarily disabled. Our teams are still working on this, and we will provide additional updates as soon as more information becomes available. Thank you for your continued patience and understanding.

  8. investigating Sep 16, 2025, 08:54 PM UTC

    Acquia is continuing to actively address the security situation impacting the NPM Package Manager. We are pleased to report significant progress in restoring our services: Internal Pipelines (CloudBees-based) are now operational and fully restored. Additionally, both Acquia Pipelines and Acquia Cloud IDE have been successfully restored and are now functioning normally. Our teams are actively working on restoring Acquia Code Studio, which remains in progress.

  9. investigating Sep 16, 2025, 09:23 PM UTC

    Acquia Pipelines, Cloud IDE, and Code Studio have been restored. However, please note that we have temporarily blocked access to various IPs and DNS for NPM. While jobs will run, they will fail if they require NPM at this time.

  10. investigating Sep 16, 2025, 09:57 PM UTC

    Acquia is continuing to actively monitor the security situation impacting the NPM Package Manager. While our security team is closely monitoring the situation, we expect the current status to remain consistent for the next few hours. As soon as the situation changes, allowing us to enable NPM package access, we will provide further updates.

  11. investigating Sep 17, 2025, 02:02 AM UTC

    Acquia is actively monitoring the security incident affecting the NPM Package Manager. Our security team remains vigilant and will continue to observe developments. We will share additional updates as soon as we are able to restore NPM package access or if there are any significant changes. Based on the latest information, we anticipate the current status will remain unchanged over the next several hours. To know which NPM packages could potentially be impacted, please continue to watch https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages

  12. investigating Sep 17, 2025, 06:00 AM UTC

    Acquia is actively monitoring the ongoing security incident affecting the NPM Package Manager. We understand the importance of this issue and our security team is closely tracking developments. At this time, we expect the current status to remain in effect for the next several hours. Please be informed that we have temporarily blocked access to various IPs and DNS for NPM. While jobs will run, they will fail if they require NPM at this time. We will provide prompt updates as soon as it is safe to restore NPM package access or if circumstances change.

  13. investigating Sep 17, 2025, 10:01 AM UTC

    Acquia remains vigilant in monitoring the security issue currently affecting the NPM Package Manager. We are aware of the significance of this matter and our security team is continuously assessing the situation as it evolves. At this point, we do not anticipate any immediate changes and expect the current restrictions to be in place for several more hours. We will update you promptly with any important developments or when it is appropriate to restore NPM package access.

  14. investigating Sep 17, 2025, 10:02 AM UTC

    Acquia remains vigilant in monitoring the security issue currently affecting the NPM Package Manager. We are aware of the significance of this matter and our security team is continuously assessing the situation as it evolves. At this point, we do not anticipate any immediate changes and expect the current restrictions to be in place for several more hours. We will update you promptly with any important developments or when it is appropriate to restore NPM package access.

  15. investigating Sep 17, 2025, 03:16 PM UTC

    Acquia remains vigilant in monitoring the security issue currently affecting the NPM Package Manager. We are aware of the significance of this matter and our security team is continuously assessing the situation as it evolves. We will update you promptly with any important developments.

  16. investigating Sep 17, 2025, 04:21 PM UTC

    Acquia continues to carefully monitor the situation affecting the NPM Package Manager. The current status remains unchanged with all Acquia products enabled, but with temporary blocks in place which disable access to NPM, meaning jobs will run, but they will fail if they require NPM.

  17. investigating Sep 17, 2025, 06:56 PM UTC

    Acquia has enabled NPM access for Acquia Pipelines and Code Studio. We will provide an update once Acquia IDE access is restored.

  18. resolved Sep 17, 2025, 07:23 PM UTC

    Acquia has restored full IDE functionality. At this time, all Acquia products are restored to full functionality. Note that Acquia has made a change to default Pipelines functionality, which includes enabling two environment variables related to NPM config and yarn scripts. For more on this, please review https://acquia.my.site.com/s/article/Acquia-has-restored-the-ability-to-use-npm-registries-and-there-are-no-known-data-leaks-at-this-time