Outage in PostHog
PostHog NPM packages compromised
Resolved MajorIncident Report
We've identified that a version of our Javascript packages contains compromised packages. We're working to patch and republish clean packages.
Need to monitor PostHog outages?
One place to monitor all your cloud vendors. Get instant alerts when an outage is detected.
Latest Updates ( sorted recent to last )
RESOLVED
3 days ago - at 11/25/2025 02:40AM
With all malicious package versions unpublished, we've confirmed that there were no events sent by customers using the malicious versions. We're now actively hardening our npmjs deployment pipeline, our GitHub Actions workflows, and all Node projects to prevent a future incident. A public postmortem will follow with more detailed information, next steps, and learnings.
MONITORING
3 days ago - at 11/24/2025 04:32PM
It looks like we were victim of the following attack that's hit over 300 packages: https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24.
At the moment, we think there were no production deployments by customers of these versions. Just to make sure, you want to delete node_modules and run `pnpm cache delete` if using pnpm to make sure you don't have any affected packages running.
We've unpublished all relevant versions, and have published newer versions for all JS SDKs. Make sure you're on the latest version of our JS SDKs.
The following packages were compromised:
- posthog-node 4.18.1, 5.13.3 and 5.11.3
- posthog-js 1.297.3
- posthog-react-native 4.11.1
- posthog-docusaurus 2.0.6
- posthog-react-native-session-replay@1.2.2
- @posthog/agent@1.24.1
- @posthog/ai@7.1.2
- @posthog/cli@0.5.15
- @PostHog/wizard@1.18.1
The following versions are safe to install:
- posthog-js@1.298.0
- posthog-node@5.14.0
- posthog-plugin-hello-world@1.0.0
- posthog-react-native@4.13.0
- posthog-react-native-session-replay@1.2.3
- @posthog/agent@1.24.2
- @posthog/ai@7.2.0
- @posthog/cli@0.5.16
- @PostHog/wizard@1.18.2
MONITORING
3 days ago - at 11/24/2025 10:28AM
It looks like we were victim of the following attack that's hit over 300 packages: https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24
We've unpublished all relevant versions, and have published newer versions for all JS SDKs. Make sure you're on the latest version of our JS SDKs.
The following packages were compromised:
- posthog-node 4.18.1, 5.13.3 and 5.11.3
- posthog-js 1.297.3
- posthog-react-native 4.11.1
- posthog-docusaurus 2.0.6
INVESTIGATING
3 days ago - at 11/24/2025 09:42AM
We've identified that several of our packages contain compromised versions. We've unpublished the affected versions for our main repo, and are published new, safe versions of the packages.
INVESTIGATING
3 days ago - at 11/24/2025 09:39AM
We've identified that some client library packages published this morning contain compromised packages. We're working to patch and republish clean packages.
INVESTIGATING
3 days ago - at 11/24/2025 09:36AM
We've identified that a version of our Javascript packages contains compromised packages. We're working to patch and republish clean packages.
Latest PostHog outages
Elevated PostHog AI errors - about 23 hours ago
PostHog AI Elevated API Errors - 7 days ago
PostHog AI Elevated Errors - 7 days ago
Cloudflare Outage - 9 days ago
Sporadic Person Anomalies - 10 days ago
Status Aggregator for All Your Third-Party Services
With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.
Start free trialNo credit card required · Cancel anytime · 4600 services available
Integrations with
