Live Updates: Shai-Hulud, the Most Dangerous NPM Breach in History
We are tracking the largest and most dangerous npm supply-chain compromise in history, known as the Shai-Hulud malware campaign, which has now impacted hundreds of packages across multiple maintainers. This includes popular libraries such as @ctrl/tinycolor as well as packages maintained by CrowdStrike. Malicious versions embed a trojanized script (bundle.js) designed to steal developer credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows. The ta