Xactly is aware of recent reports regarding compromised NPM packages, including the Shai-Hulud attack disclosed on September 16, 2025. Our security and engineering teams have conducted a review and have confirmed that there is no indication that Xactly products and platforms have been affected by any of the impacted packages. We understand the seriousness of the NPM supply chain vulnerabilities and remain vigilant. Xactly will continue to closely monitor for any new disclosures and evolving threat intelligence related to NPM supply chain attacks, and will provide an update if our assessment changes
