Outage in PostHog US
PostHog NPM packages compromised
Resolved MajorIncident Report
We've identified that a version of our Javascript packages contains compromised packages. We're working to patch and republish clean packages.
Trusted by 1,000+ teams
Never miss outages in third-party dependencies
Stop finding out about outages from your users. Monitor 6,320+ cloud services and get alerted the second something breaks.
Latest Updates ( sorted recent to last )
RESOLVED
5 months ago - at 11/25/2025 02:40AM
With all malicious package versions unpublished, we've confirmed that there were no events sent by customers using the malicious versions. We're now actively hardening our npmjs deployment pipeline, our GitHub Actions workflows, and all Node projects to prevent a future incident. A public postmortem will follow with more detailed information, next steps, and learnings.
MONITORING
5 months ago - at 11/24/2025 04:32PM
It looks like we were victim of the following attack that's hit over 300 packages: https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24.
At the moment, we think there were no production deployments by customers of these versions. Just to make sure, you want to delete node_modules and run `pnpm cache delete` if using pnpm to make sure you don't have any affected packages running.
We've unpublished all relevant versions, and have published newer versions for all JS SDKs. Make sure you're on the latest version of our JS SDKs.
The following packages were compromised:
- posthog-node 4.18.1, 5.13.3 and 5.11.3
- posthog-js 1.297.3
- posthog-react-native 4.11.1
- posthog-docusaurus 2.0.6
- posthog-react-native-session-replay@1.2.2
- @posthog/agent@1.24.1
- @posthog/ai@7.1.2
- @posthog/cli@0.5.15
- @PostHog/wizard@1.18.1
The following versions are safe to install:
- posthog-js@1.298.0
- posthog-node@5.14.0
- posthog-plugin-hello-world@1.0.0
- posthog-react-native@4.13.0
- posthog-react-native-session-replay@1.2.3
- @posthog/agent@1.24.2
- @posthog/ai@7.2.0
- @posthog/cli@0.5.16
- @PostHog/wizard@1.18.2
MONITORING
5 months ago - at 11/24/2025 10:28AM
It looks like we were victim of the following attack that's hit over 300 packages: https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24
We've unpublished all relevant versions, and have published newer versions for all JS SDKs. Make sure you're on the latest version of our JS SDKs.
The following packages were compromised:
- posthog-node 4.18.1, 5.13.3 and 5.11.3
- posthog-js 1.297.3
- posthog-react-native 4.11.1
- posthog-docusaurus 2.0.6
INVESTIGATING
5 months ago - at 11/24/2025 09:42AM
We've identified that several of our packages contain compromised versions. We've unpublished the affected versions for our main repo, and are published new, safe versions of the packages.
INVESTIGATING
5 months ago - at 11/24/2025 09:39AM
We've identified that some client library packages published this morning contain compromised packages. We're working to patch and republish clean packages.
INVESTIGATING
5 months ago - at 11/24/2025 09:36AM
We've identified that a version of our Javascript packages contains compromised packages. We're working to patch and republish clean packages.
Latest PostHog US outages
Logs ingestion: processing delays - 7 days ago
Phishing emails sent via PostHog invite system - 11 days ago
Realtime destinations: overflow delivery issues - 26 days ago
Analytics: query timeouts/failures - 26 days ago
Never miss outages in third-party dependencies
With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.
Start free trialNo credit card required · Cancel anytime · 6320 services available
Integrations with
