shai-hulud
3 posts
Article
npm was never a trust boundary
Technical analysis of the Shai-Hulud npm supply chain attack hitting 314 packages including echarts-for-react, size-sensor, and timeago.js.
Article
Shai-Hulud worm compromises 314 npm packages
Shai-Hulud npm worm hits 314 more packages via compromised maintainer accounts. Mechanism, telemetry gaps, and residual exposure analyzed.
Article
Shai-Hulud goes public
Shai-Hulud worm published to GitHub by teampcp. What is confirmed, what is not, and the publication interval that matters.