Outage in PostHog

PostHog NPM packages compromised

Resolved Major
November 24, 2025 - Started 4 months ago - Lasted about 17 hours

Incident Report

We've identified that a version of our JavaScript packages contains compromised packages. We're working to patch and republish clean packages.

Latest Updates (sorted recent to last)
RESOLVED 4 months ago - at 11/25/2025 02:40AM

With all malicious package versions unpublished, we've confirmed that there were no events sent by customers using the malicious versions. We're now actively hardening our npmjs deployment pipeline, our GitHub Actions workflows, and all Node projects to prevent a future incident. A public postmortem will follow with more detailed information, next steps, and learnings.

MONITORING 4 months ago - at 11/24/2025 04:32PM

It looks like we were the victim of the following attack that's hit over 300 packages: https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24.

At the moment, we think there were no production deployments by customers of these versions. Just to make sure, you want to delete node_modules and run `pnpm cache delete` if using pnpm to make sure you don't have any affected packages running.

We've unpublished all relevant versions, and have published newer versions for all JS SDKs. Make sure you're on the latest version of our JS SDKs.

The following packages were compromised:
- posthog-node 4.18.1, 5.13.3 and 5.11.3
- posthog-js 1.297.3
- posthog-react-native 4.11.1
- posthog-docusaurus 2.0.6
- posthog-react-native-session-replay@1.2.2
- @posthog/agent@1.24.1
- @posthog/ai@7.1.2
- @posthog/cli@0.5.15
- @PostHog/wizard@1.18.1

The following versions are safe to install:

- posthog-js@1.298.0
- posthog-node@5.14.0
- posthog-plugin-hello-world@1.0.0
- posthog-react-native@4.13.0
- posthog-react-native-session-replay@1.2.3
- @posthog/agent@1.24.2
- @posthog/ai@7.2.0
- @posthog/cli@0.5.16
- @PostHog/wizard@1.18.2
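
As an added example (not PostHog's or IsDown's code), the following Node.js function checks a parsed npm `package-lock.json` against the compromised versions listed in the update above. It assumes lockfileVersion 2 or 3 (pnpm and Yarn lockfiles use other formats); `findCompromised` and `SAMPLE_LOCK` are hypothetical names, and the sample lockfile is constructed.

```javascript
// Compromised versions, copied from the incident update above.
const COMPROMISED = new Map([
  ['posthog-node', ['4.18.1', '5.13.3', '5.11.3']],
  ['posthog-js', ['1.297.3']],
  ['posthog-react-native', ['4.11.1']],
  ['posthog-docusaurus', ['2.0.6']],
  ['posthog-react-native-session-replay', ['1.2.2']],
  ['@posthog/agent', ['1.24.1']],
  ['@posthog/ai', ['7.1.2']],
  ['@posthog/cli', ['0.5.15']],
  // The page writes this scope as "@PostHog"; names are lowercased before lookup.
  ['@posthog/wizard', ['1.18.1']],
]);

// Walk the "packages" map of a parsed package-lock.json (lockfileVersion 2/3).
// Keys look like "node_modules/a/node_modules/@scope/b": the package name is
// whatever follows the last "node_modules/", so nested (transitive) copies are
// caught as well as top-level ones.
function findCompromised(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue; // root project entry ("") or a workspace folder
    // npm records "name" when the folder is an alias for a differently named package.
    const name = (meta.name || path.slice(idx + 'node_modules/'.length)).toLowerCase();
    const bad = COMPROMISED.get(name);
    if (bad && bad.includes(meta.version)) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// Constructed sample lockfile (not real project data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/posthog-js': { version: '1.298.0' },
    'node_modules/posthog-node': { version: '5.13.3' },
    'node_modules/some-plugin/node_modules/posthog-js': { version: '1.297.3' },
    'node_modules/@posthog/ai': { version: '7.2.0' },
  },
};

for (const h of findCompromised(SAMPLE_LOCK)) {
  console.log(`COMPROMISED ${h.name}@${h.version} at ${h.path}`);
}
```

To check a real project, pass the function the result of `JSON.parse` on the contents of the project's `package-lock.json`.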

MONITORING 4 months ago - at 11/24/2025 10:28AM

It looks like we were the victim of the following attack that's hit over 300 packages: https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24

We've unpublished all relevant versions, and have published newer versions for all JS SDKs. Make sure you're on the latest version of our JS SDKs.

The following packages were compromised:
- posthog-node 4.18.1, 5.13.3 and 5.11.3
- posthog-js 1.297.3
- posthog-react-native 4.11.1
- posthog-docusaurus 2.0.6

INVESTIGATING 4 months ago - at 11/24/2025 09:42AM

We've identified that several of our packages contain compromised versions. We've unpublished the affected versions for our main repo, and are publishing new, safe versions of the packages.

INVESTIGATING 4 months ago - at 11/24/2025 09:39AM

We've identified that some client library packages published this morning contain compromised packages. We're working to patch and republish clean packages.

INVESTIGATING 4 months ago - at 11/24/2025 09:36AM

We've identified that a version of our JavaScript packages contains compromised packages. We're working to patch and republish clean packages.
