Hackernews posts about Shai-Hulud

  1. Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised (socket.dev)
    1233 points by jamesberthoty 5 months ago | 1019 comments
  2. Shai-Hulud Returns: Over 300 NPM Packages Infected (helixguard.ai)
    1038 points by mrdosija 2 months ago | 775 comments
  3. Shai Hulud launches second supply-chain attack (www.aikido.dev)
    352 points by birdculture 2 months ago | 23 comments
  4. Shai-Hulud compromised a dev machine and raided GitHub org access: a post-mortem (trigger.dev)
    262 points by nkko about 2 months ago | 184 comments
  5. Post-mortem of Shai-Hulud attack on November 24th, 2025 (posthog.com)
    99 points by makepanic 2 months ago | 70 comments
  6. Live updates: Shai-hulud, the most dangerous NPM breach in history (www.koi.security)
    46 points by chha 5 months ago | 3 comments
  7. Shai-Hulud: The novel self-replicating worm infecting NPM packages (www.sysdig.com)
    7 points by Bogdanp 5 months ago | discuss
  8. Modern Developer Tools as Attack Surfaces: Lessons from Shai-Hulud (sitezwin.com)
    6 points by meel-hd 2 months ago | 2 comments
  9. The Shai-Hulud 2.0 npm worm: analysis, and what you need to know (securitylabs.datadoghq.com)
    4 points by saikatsg 2 months ago | 2 comments
  10. Shai Hulud strikes again – The golden path (www.aikido.dev)
    4 points by gpi about 1 month ago | discuss
  11. Shai-Hulud Strikes Again, Again. (NPM Supply Chain Attack) (socket.dev)
    3 points by pvtmert 2 months ago | 1 comments
  12. PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats (blog.pypi.org)
    3 points by miketheman 2 months ago | discuss
  13. Shai-Hulud Supply-Chain Scanner (Rust) (github.com)
    3 points by ManfredMacx 5 months ago | discuss
  14. Big attack on NPM – Shai-Hulud 2.0 (about.gitlab.com)
    2 points by thomasfl 2 months ago | 3 comments
  15. Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets (www.wiz.io)
    2 points by samuel246 2 months ago | 1 comments
  16. Shai-Hulud malware infects 500 NPM packages, leaks secrets on GitHub (www.bleepingcomputer.com)
    2 points by speckx 2 months ago | 1 comments
  17. Self-Replicating NPM Package Supply Chain Worm 'Shai Hulud' (www.aikido.dev)
    2 points by oli5679 5 months ago | discuss
  18. How Replit Is Protecting You from the "Shai-Hulud" Worm (blog.replit.com)
    2 points by amrrs 5 months ago | discuss
  19. Show HN: HALUD YOUR HORSES – a container system to resist Shai-Hulud NPM attacks (github.com)
    1 points by neechoop 2 months ago | 7 comments
  20. Why Scanners Fail in Practice: Lessons from the Shai-Hulud Attacks on NPM (www.codecentric.de)
    1 points by F30 about 2 months ago | discuss
  21. How to use ReARM to check if Shai-Hulud 2.0 infiltrated your dependencies [video] (www.youtube.com)
    1 points by taleodor 2 months ago | discuss
  22. OreNPMGuard v2.0.0 – OSS for Shai-Hulud 2.0 NPM supply chain attack
    1 points by ahsansmir 2 months ago | discuss
  23. Show HN: Safe-NPM – only install packages that are +90 days old (github.com)
    90 points by kevinslin 2 months ago | 64 comments
  24. Show HN: Auto-Unpublish NPM Packages Published Outside CI (github.com)
    6 points by ethanblackburn 2 months ago | 2 comments
  25. Ask HN: Is ChatGPT/Claude suggesting to use malicious NPM packages?
    2 points by kjok 5 months ago | discuss
  26. The most dangerous NPM breach in History (www.koi.security)
    1 points by WanderingSoul 5 months ago | 1 comments