Shai Hulud Strikes Again (v2) - Socket

socket.dev

Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.

2 pages link to this URL

How we got hit by Shai-Hulud: A complete post-mortem | Trigger.dev

Triggerdotdev Eric Allam Nov 28, 2025

On November 25th, one of our engineers was compromised by the Shai-Hulud npm supply chain worm. Here's what happened, how we responded, and what we've changed.

2 inbound links BlogPosting en

No more tokens! Locking down npm Publish Workflows—zachleat.com

Zach Leatherman Zach Leatherman Dec 4, 2025

A post by Zach Leatherman (zachleat)

0 inbound links website en