{
	"id": "33aaacec-0b16-4135-b9f2-0e3383e7a657",
	"created_at": "2026-04-29T02:22:03.932617Z",
	"updated_at": "2026-04-29T08:21:58.820831Z",
	"deleted_at": null,
	"sha1_hash": "f7636668f88aa00be1a160a70b62b7033f51ec53",
	"title": "Shai-Hulud 2.0: Aggressive, Automated, and Fast Spreading",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 95068,
	"plain_text": "Shai-Hulud 2.0: Aggressive, Automated, and Fast Spreading\r\nBy Gianpietro Cutolo\r\nPublished: 2025-11-26 · Archived: 2026-04-29 02:08:07 UTC\r\nIn mid-September 2025, security researchers first identified a supply-chain compromise in the npm ecosystem, the\r\noriginal Shai-Hulud campaign. The first known compromised package was @ctrl/tinycolor version 4.1.1.\r\nOnly two months later, a far more aggressive and automated wave appeared: Shai-Hulud 2.0. The second wave of\r\nthe Shai-Hulud campaign demonstrates an unprecedented level of automation and propagation speed,\r\ncompromising hundreds of npm packages within hours. By chaining credential theft, self-replication, and\r\nautomated republishing, the malware achieved rapid ecosystem-wide spread unlike anything previously observed\r\nin npm package supply-chain attacks.\r\nShai-Hulud 2.0 behaves like a worm, not a single compromised package. It automatically harvests and exfiltrates\r\ncredentials and cloud secrets to attacker-controlled GitHub repositories, ultimately spreading to new npm\r\naccounts.\r\nOnce launched, the malware immediately initiates a credential-harvesting routine targeting common sources of\r\ndeveloper secrets:\r\nIn addition, the malicious payload has functions prepared to use Trufflehog and git, to find maintained packages,\r\nsave files, and update packages.\r\ngithub_save_file()\r\ngithub_get_user()\r\ngithubGetPackagesByMaintainer()\r\ngithubUpdatePackage()\r\ngithubListRepos()\r\ngithub_save_file()\r\nOne of the most alarming aspects of Shai-Hulud 2.0 is its use of GitHub Actions as a persistent backdoor into\r\ninfected machines. After stealing a victim’s GitHub token, the malware registers the compromised host as a self-hosted runner under the name SHA1HULUD. This effectively enrolls the victim’s machine into the attacker’s\r\nremote-execution infrastructure.\r\nThe payload then plants a malicious workflow at .github/workflows/discussion.yaml. This workflow is\r\ndeliberately crafted with an injection weakness and configured to run only on self-hosted runners. As a result, the\r\nattacker can trigger arbitrary command execution on any infected machine simply by opening a GitHub\r\nDiscussion in the affected repository. This gives the attacker a persistent, stealthy foothold that blends in with\r\nnormal CI/CD activity.\r\nhttps://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed\r\nPage 1 of 9\n\nBeyond CLI-level control, the malware also uses stolen GitHub tokens to create public repositories that serve as\r\nexfiltration buckets. Each repository is stamped with a distinctive description marker: “Sha1-Hulud: The Second\r\nComing.”, allowing the attacker to locate and manage them easily. These repos store stolen credentials and secret-scanning results.\r\nCritically, Shai-Hulud 2.0 is designed to survive partial failures. If the initially stolen GitHub token lacks the\r\nnecessary permissions, the malware searches GitHub for other compromised repositories that include the same\r\n“Second Coming” marker, named with a 18-character alphanumeric randomly-generated string.\r\nEach repo may contain additional stolen tokens uploaded by other infected machines, organized in JSON files\r\nnamed after their contents with double base64 encoding.\r\nIf one of those tokens is valid, the malware adopts it, creating a distributed token-sharing network across all\r\ncompromised hosts. This effectively forms a self-healing botnet inside GitHub, where compromised machines can\r\nrescue each other if tokens expire or lose privileges.\r\nOnce GitHub persistence is established, the malware uses stolen npm tokens to weaponize the victim’s own\r\npackages, taking the following steps:\r\nIt represents a significant escalation in supply-chain attack sophistication.\r\nNetskope Threat Labs identified the initial-stage payload retrieval activity associated with this campaign, with the\r\ndetection “Script-JS.Worm.ShaiHulud”. Our investigations revealed no evidence of subsequent malicious\r\ndownloads or second-stage payload executions, indicating that the attack chain did not progress beyond the first\r\nstage on Netskope-protected systems.\r\nbun_environment.js\r\n62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0\r\nf099c5d9ec417d4445a0328ac0ada9cde79fc37410914103ae9c609cbc0ee068\r\ncbb9bc5a8496243e02f3cc080efbe3e4a1430ba0671f2e43a202bf45b05479cd\r\nPackage NameVersion @accordproject/concerto-analysis3.24.1 @accordproject/concerto-linter3.24.1\r\n@accordproject/concerto-linter-default-ruleset3.24.1 @accordproject/concerto-metamodel3.12.5\r\n@accordproject/concerto-types3.24.1 @accordproject/markdown-it-cicero0.16.26\r\n@accordproject/template-engine2.7.2 @actbase/css-to-react-native-transform1.0.3 @actbase/native0.1.32\r\n@actbase/node-server1.1.19 @actbase/react-absolute0.8.3 @actbase/react-daum-postcode1.0.5\r\n@actbase/react-kakaosdk0.9.27 @actbase/react-native-actionsheet1.0.3 @actbase/react-native-devtools0.1.3\r\n@actbase/react-native-fast-image8.5.13 @actbase/react-native-kakao-channel1.0.2 @actbase/react-native-kakao-navi2.0.4 @actbase/react-native-less-transformer1.0.6 @actbase/react-native-naver-login1.0.1\r\n@actbase/react-native-simple-video1.0.13 @actbase/react-native-tiktok1.1.3 @afetcan/api0.0.13\r\n@afetcan/storage0.0.27 @alaan/s2s-auth2.0.3 @alexadark/amadeus-api1.0.4 @alexadark/gatsby-theme-events1.0.1 @alexadark/gatsby-theme-wordpress-blog2.0.1 @alexadark/reusable-functions1.5.1\r\n@alexcolls/nuxt-socket.io0.0.7 @alexcolls/nuxt-socket.io0.0.8 @alexcolls/nuxt-ux0.6.1 @alexcolls/nuxt-ux0.6.2 @antstackio/eslint-config-antstack0.0.3 @antstackio/express-graphql-proxy0.2.8\r\n@antstackio/graphql-body-parser0.1.1 @antstackio/json-to-graphql1.0.3 @antstackio/shelbysam1.1.7\r\nhttps://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed\r\nPage 2 of 9\n\n@aryanhussain/my-angular-lib0.0.23 @asyncapi/avro-schema-parser3.0.25 @asyncapi/avro-schema-parser3.0.26 @asyncapi/bundler0.6.5 @asyncapi/bundler0.6.6 @asyncapi/cli4.1.2 @asyncapi/cli4.1.3\r\n@asyncapi/converter1.6.3 @asyncapi/converter1.6.4 @asyncapi/diff0.5.1 @asyncapi/diff0.5.2\r\n@asyncapi/dotnet-rabbitmq-template1.0.1 @asyncapi/dotnet-rabbitmq-template1.0.2\r\n@asyncapi/edavisualiser1.2.1 @asyncapi/edavisualiser1.2.2 @asyncapi/generator2.8.5\r\n@asyncapi/generator2.8.6 @asyncapi/generator-components0.3.2 @asyncapi/generator-components0.3.3\r\n@asyncapi/generator-helpers0.2.1 @asyncapi/generator-helpers0.2.2 @asyncapi/generator-react-sdk1.1.4\r\n@asyncapi/generator-react-sdk1.1.5 @asyncapi/go-watermill-template0.2.76 @asyncapi/go-watermill-template0.2.77 @asyncapi/html-template3.3.2 @asyncapi/html-template3.3.3 @asyncapi/java-spring-cloud-stream-template0.13.5 @asyncapi/java-spring-cloud-stream-template0.13.6 @asyncapi/java-spring-template1.6.1 @asyncapi/java-spring-template1.6.2 @asyncapi/java-template0.3.5 @asyncapi/java-template0.3.6 @asyncapi/keeper0.0.2 @asyncapi/keeper0.0.3 @asyncapi/markdown-template1.6.8\r\n@asyncapi/markdown-template1.6.9 @asyncapi/modelina5.10.3 @asyncapi/modelina-cli5.10.2\r\n@asyncapi/modelina-cli5.10.3 @asyncapi/multi-parser2.2.1 @asyncapi/multi-parser2.2.2\r\n@asyncapi/nodejs-template3.0.5 @asyncapi/nodejs-template3.0.6 @asyncapi/nodejs-ws-template0.10.1\r\n@asyncapi/nodejs-ws-template0.10.2 @asyncapi/nunjucks-filters2.1.1 @asyncapi/nunjucks-filters2.1.2\r\n@asyncapi/openapi-schema-parser3.0.25 @asyncapi/openapi-schema-parser3.0.26\r\n@asyncapi/optimizer1.0.5 @asyncapi/optimizer1.0.6 @asyncapi/parser3.4.1 @asyncapi/parser3.4.2\r\n@asyncapi/php-template0.1.1 @asyncapi/php-template0.1.2 @asyncapi/problem1.0.1\r\n@asyncapi/problem1.0.2 @asyncapi/protobuf-schema-parser3.5.2 @asyncapi/protobuf-schema-parser3.5.3\r\n@asyncapi/protobuf-schema-parser3.6.1 @asyncapi/python-paho-template0.2.14 @asyncapi/python-paho-template0.2.15 @asyncapi/react-component2.6.6 @asyncapi/react-component2.6.7 @asyncapi/server-api0.16.24 @asyncapi/server-api0.16.25 @asyncapi/specs6.8.3 @asyncapi/specs6.9.1 @asyncapi/studio1.0.2\r\n@asyncapi/studio1.0.3 @asyncapi/web-component2.6.6 @asyncapi/web-component2.6.7 @bdkinc/knex-ibmi0.5.7 @browserbasehq/bb91.2.21 @browserbasehq/director-ai1.0.3 @browserbasehq/mcp2.1.1\r\n@browserbasehq/mcp-server-browserbase2.4.2 @browserbasehq/sdk-functions0.0.4\r\n@browserbasehq/stagehand3.0.4 @browserbasehq/stagehand-docs1.0.1 @caretive/caret-cli0.0.2\r\n@chtijs/eslint-config1.0.1 @clausehq/flows-step-httprequest0.1.14 @clausehq/flows-step-jsontoxml0.1.14\r\n@clausehq/flows-step-mqtt0.1.14 @clausehq/flows-step-sendgridemail0.1.14 @clausehq/flows-step-taskscreateurl0.1.14 @cllbk/ghl1.3.1 @commute/bloom1.0.3 @commute/market-data1.0.2\r\n@commute/market-data-chartjs2.3.1 @dev-blinq/ai-qa-logic1.0.19 @dev-blinq/blinqioclient1.0.21 @dev-blinq/cucumber-js1.0.131 @dev-blinq/cucumber_client1.0.738 @dev-blinq/ui-systems1.0.93\r\n@ensdomains/address-encoder1.1.5 @ensdomains/blacklist1.0.1 @ensdomains/buffer0.1.2\r\n@ensdomains/ccip-read-cf-worker0.0.4 @ensdomains/ccip-read-dns-gateway0.1.1 @ensdomains/ccip-read-router0.0.7 @ensdomains/ccip-read-worker-viem0.0.4 @ensdomains/content-hash3.0.1\r\n@ensdomains/curvearithmetics1.0.1 @ensdomains/cypress-metamask1.2.1 @ensdomains/dnsprovejs0.5.3\r\n@ensdomains/dnssec-oracle-anchors0.0.2 @ensdomains/dnssecoraclejs0.2.9 @ensdomains/durin0.1.2\r\n@ensdomains/durin-middleware0.0.2 @ensdomains/ens-archived-contracts0.0.3 @ensdomains/ens-avatar1.0.4 @ensdomains/ens-contracts1.6.1 @ensdomains/ens-test-env1.0.2 @ensdomains/ens-validation0.1.1 @ensdomains/ensjs4.0.3 @ensdomains/ensjs-react0.0.5 @ensdomains/eth-ens-namehash2.0.16 @ensdomains/hackathon-registrar1.0.5 @ensdomains/hardhat-chai-matchers-viem0.1.15\r\n@ensdomains/hardhat-toolbox-viem-extended0.0.6 @ensdomains/mock2.1.52 @ensdomains/name-https://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed\r\nPage 3 of 9\n\nwrapper1.0.1 @ensdomains/offchain-resolver-contracts0.2.2 @ensdomains/op-resolver-contracts0.0.2\r\n@ensdomains/react-ens-address0.0.32 @ensdomains/renewal0.0.13 @ensdomains/renewal-widget0.1.10\r\n@ensdomains/reverse-records1.0.1 @ensdomains/server-analytics0.0.2 @ensdomains/solsha10.0.4\r\n@ensdomains/subdomain-registrar0.2.4 @ensdomains/test-utils1.3.1 @ensdomains/thorin0.6.51\r\n@ensdomains/ui3.4.6 @ensdomains/unicode-confusables0.1.1 @ensdomains/unruggable-gateways0.0.3\r\n@ensdomains/vite-plugin-i18next-loader4.0.4 @ensdomains/web3modal1.10.2 @everreal/react-charts2.0.2\r\n@everreal/validate-esmoduleinterop-imports1.4.4 @everreal/validate-esmoduleinterop-imports1.4.5\r\n@everreal/web-analytics0.0.2 @faq-component/core0.0.4 @faq-component/react1.0.1\r\n@fishingbooker/browser-sync-plugin1.0.5 @fishingbooker/react-loader1.0.7 @fishingbooker/react-pagination2.0.6 @fishingbooker/react-raty2.0.1 @fishingbooker/react-swiper0.1.5 @hapheus/n8n-nodes-pgp1.5.1 @hover-design/core0.0.1 @hover-design/react0.2.1 @huntersofbook/auth-vue0.4.2\r\n@huntersofbook/core0.5.1 @huntersofbook/core-nuxt0.4.2 @huntersofbook/form-naiveui0.5.1\r\n@huntersofbook/i18n0.8.2 @huntersofbook/ui0.5.1 @hyperlook/telemetry-sdk1.0.19\r\n@ifelsedeveloper/protocol-contracts-svm-idl0.1.2 @ifelsedeveloper/protocol-contracts-svm-idl0.1.3\r\n@ifings/design-system4.9.2 @ifings/metatron30.1.5 @jayeshsadhwani/telemetry-sdk1.0.14\r\n@kvytech/cli0.0.7 @kvytech/components0.0.2 @kvytech/habbit-e2e-test0.0.2 @kvytech/medusa-plugin-announcement0.0.8 @kvytech/medusa-plugin-management0.0.5 @kvytech/medusa-plugin-newsletter0.0.5\r\n@kvytech/medusa-plugin-product-reviews0.0.9 @kvytech/medusa-plugin-promotion0.0.2\r\n@kvytech/web0.0.2 @lessondesk/api-client9.12.2 @lessondesk/api-client9.12.3 @lessondesk/babel-preset1.0.1 @lessondesk/electron-group-api-client1.0.3 @lessondesk/eslint-config1.4.2\r\n@lessondesk/material-icons1.0.3 @lessondesk/react-table-context2.0.4 @lessondesk/schoolbus5.2.2\r\n@lessondesk/schoolbus5.2.3 @livecms/live-edit0.0.32 @livecms/nuxt-live-edit1.9.2 @lokeswari-satyanarayanan/rn-zustand-expo-template1.0.9 @louisle2/core1.0.1 @louisle2/cortex-js0.1.6\r\n@lpdjs/firestore-repo-service1.0.1 @lui-ui/lui-nuxt0.1.1 @lui-ui/lui-tailwindcss0.1.2 @lui-ui/lui-vue1.0.13\r\n@markvivanco/app-version-checker1.0.2 @mcp-use/cli2.2.6 @mcp-use/cli2.2.7 @mcp-use/inspector0.6.2\r\n@mcp-use/inspector0.6.3 @mcp-use/mcp-use1.0.1 @mcp-use/mcp-use1.0.2 @micado-digital/stadtmarketing-kufstein-external1.9.1 @mizzle-dev/orm0.0.2 @ntnx/passport-wso20.0.3\r\n@ntnx/t0.0.101 @oku-ui/accordion0.6.2 @oku-ui/alert-dialog0.6.2 @oku-ui/arrow0.6.2 @oku-ui/aspect-ratio0.6.2 @oku-ui/avatar0.6.2 @oku-ui/checkbox0.6.3 @oku-ui/collapsible0.6.2 @oku-ui/collection0.6.2\r\n@oku-ui/dialog0.6.2 @oku-ui/direction0.6.2 @oku-ui/dismissable-layer0.6.2 @oku-ui/focus-guards0.6.2\r\n@oku-ui/focus-scope0.6.2 @oku-ui/hover-card0.6.2 @oku-ui/label0.6.2 @oku-ui/menu0.6.2 @oku-ui/motion0.4.4 @oku-ui/motion-nuxt0.2.2 @oku-ui/popover0.6.2 @oku-ui/popper0.6.2 @oku-ui/portal0.6.2\r\n@oku-ui/presence0.6.2 @oku-ui/primitive0.6.2 @oku-ui/primitives0.7.9 @oku-ui/primitives-nuxt0.3.1\r\n@oku-ui/progress0.6.2 @oku-ui/provide0.6.2 @oku-ui/radio-group0.6.2 @oku-ui/roving-focus0.6.2 @oku-ui/scroll-area0.6.2 @oku-ui/separator0.6.2 @oku-ui/slider0.6.2 @oku-ui/slot0.6.2 @oku-ui/switch0.6.2\r\n@oku-ui/tabs0.6.2 @oku-ui/toast0.6.2 @oku-ui/toggle0.6.2 @oku-ui/toggle-group0.6.2 @oku-ui/toolbar0.6.2\r\n@oku-ui/tooltip0.6.2 @oku-ui/use-composable0.6.2 @oku-ui/utils0.6.2 @oku-ui/visually-hidden0.6.2\r\n@orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode2.0.5 @orbitgtbelgium/mapbox-gl-draw-scale-rotate-mode1.1.1 @orbitgtbelgium/orbit-components1.2.9 @orbitgtbelgium/time-slider1.0.187\r\n@osmanekrem/bmad1.0.6 @osmanekrem/error-handler1.2.2 @pergel/cli0.11.1 @pergel/module-box0.6.1\r\n@pergel/module-graphql0.6.1 @pergel/module-ui0.0.9 @pergel/nuxt0.25.5 @posthog/agent1.24.1\r\n@posthog/ai7.1.2 @posthog/automatic-cohorts-plugin0.0.8 @posthog/bitbucket-release-tracker0.0.8\r\nhttps://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed\r\nPage 4 of 9\n\n@posthog/cli0.5.15 @posthog/clickhouse1.7.1 @posthog/core1.5.6 @posthog/currency-normalization-plugin0.0.8 @posthog/customerio-plugin0.0.8 @posthog/databricks-plugin0.0.8 @posthog/drop-events-on-property-plugin0.0.8 @posthog/event-sequence-timer-plugin0.0.8 @posthog/filter-out-plugin0.0.8\r\n@posthog/first-time-event-tracker0.0.8 @posthog/geoip-plugin0.0.8 @posthog/github-release-tracking-plugin0.0.8 @posthog/gitub-star-sync-plugin0.0.8 @posthog/heartbeat-plugin0.0.8 @posthog/hedgehog-mode0.0.42 @posthog/icons0.36.1 @posthog/ingestion-alert-plugin0.0.8 @posthog/intercom-plugin0.0.8\r\n@posthog/kinesis-plugin0.0.8 @posthog/laudspeaker-plugin0.0.8 @posthog/lemon-ui0.0.1\r\n@posthog/maxmind-plugin0.1.6 @posthog/migrator3000-plugin0.0.8 @posthog/netdata-event-processing0.0.8 @posthog/nextjs0.0.3 @posthog/nextjs-config1.5.1 @posthog/nuxt1.2.9\r\n@posthog/pagerduty-plugin0.0.8 @posthog/piscina3.2.1 @posthog/plugin-contrib0.0.6 @posthog/plugin-server1.10.8 @posthog/plugin-unduplicates0.0.8 @posthog/postgres-plugin0.0.8 @posthog/react-rrweb-player1.1.4 @posthog/rrdom0.0.31 @posthog/rrweb0.0.31 @posthog/rrweb-player0.0.31 @posthog/rrweb-record0.0.31 @posthog/rrweb-replay0.0.19 @posthog/rrweb-snapshot0.0.31 @posthog/rrweb-utils0.0.31\r\n@posthog/sendgrid-plugin0.0.8 @posthog/siphash1.1.2 @posthog/snowflake-export-plugin0.0.8\r\n@posthog/taxonomy-plugin0.0.8 @posthog/twilio-plugin0.0.8 @posthog/twitter-followers-plugin0.0.8\r\n@posthog/url-normalizer-plugin0.0.8 @posthog/variance-plugin0.0.8 @posthog/web-dev-server1.0.5\r\n@posthog/wizard1.18.1 @posthog/zendesk-plugin0.0.8 @postman/csv-parse4.0.3 @postman/csv-parse4.0.5\r\n@postman/final-node-keytar7.9.1 @postman/final-node-keytar7.9.2 @postman/final-node-keytar7.9.3\r\n@postman/mcp-ui-client5.5.1 @postman/mcp-ui-client5.5.3 @postman/node-keytar7.9.4 @postman/node-keytar7.9.6 @postman/pm-bin-linux-x641.24.3 @postman/pm-bin-linux-x641.24.4 @postman/pm-bin-linux-x641.24.5 @postman/pm-bin-macos-arm641.24.3 @postman/pm-bin-macos-arm641.24.5\r\n@postman/pm-bin-macos-x641.24.3 @postman/pm-bin-macos-x641.24.5 @postman/pm-bin-windows-x641.24.3 @postman/pm-bin-windows-x641.24.5 @postman/postman-collection-fork4.3.3\r\n@postman/postman-collection-fork4.3.5 @postman/postman-mcp-cli1.0.3 @postman/postman-mcp-cli1.0.4\r\n@postman/postman-mcp-cli1.0.5 @postman/postman-mcp-server2.4.10 @postman/postman-mcp-server2.4.12 @postman/pretty-ms6.1.1 @postman/pretty-ms6.1.2 @postman/pretty-ms6.1.3\r\n@postman/secret-scanner-wasm2.1.3 @postman/secret-scanner-wasm2.1.4 @postman/tunnel-agent0.6.5\r\n@postman/tunnel-agent0.6.6 @postman/tunnel-agent0.6.7 @postman/wdio-allure-reporter0.0.7\r\n@postman/wdio-allure-reporter0.0.9 @postman/wdio-junit-reporter0.0.4 @postman/wdio-junit-reporter0.0.5 @postman/wdio-junit-reporter0.0.6 @pradhumngautam/common-app1.0.2\r\n@productdevbook/animejs-vue0.2.1 @productdevbook/auth0.2.2 @productdevbook/chatwoot2.0.1\r\n@productdevbook/motion1.0.4 @productdevbook/ts-i18n1.4.2 @pruthvi21/use-debounce1.0.3 @quick-start-soft/quick-document-translator1.4.2511142126 @quick-start-soft/quick-git-clean-markdown1.4.2511142126 @quick-start-soft/quick-markdown1.4.2511142126 @quick-start-soft/quick-markdown-compose1.4.2506300029 @quick-start-soft/quick-markdown-image1.4.2511142126 @quick-start-soft/quick-markdown-print1.4.2511142126 @quick-start-soft/quick-markdown-translator1.4.2509202331 @quick-start-soft/quick-remove-image-background1.4.2511142126 @quick-start-soft/quick-task-refine1.4.2511142126 @relyt/claude-context-core0.1.1 @relyt/claude-context-mcp0.1.1\r\n@sameepsi/sor1.0.3 @sameepsi/sor22.0.2 @seezo/sdr-mcp-server0.0.5 @seung-ju/next0.0.2 @seung-ju/openapi-generator0.0.4 @seung-ju/react-hooks0.0.2 @seung-ju/react-native-action-sheet0.2.1\r\n@silgi/better-auth0.8.1 @silgi/drizzle0.8.4 @silgi/ecosystem0.7.6 @silgi/graphql0.7.15 @silgi/module-builder0.8.8 @silgi/openapi0.7.4 @silgi/permission0.6.8 @silgi/ratelimit0.2.1 @silgi/scalar0.6.2\r\nhttps://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed\r\nPage 5 of 9\n\n@silgi/yoga0.7.1 @sme-ui/aoma-vevasound-metadata-lib0.1.3 @strapbuild/react-native-date-time-picker2.0.4 @strapbuild/react-native-perspective-image-cropper0.4.15 @strapbuild/react-native-perspective-image-cropper-20.4.7 @strapbuild/react-native-perspective-image-cropper-poojan310.4.6\r\n@suraj_h/medium-common1.0.5 @thedelta/eslint-config1.0.2 @tiaanduplessis/json2.0.2\r\n@tiaanduplessis/json2.0.3 @tiaanduplessis/react-progressbar1.0.1 @tiaanduplessis/react-progressbar1.0.2\r\n@trackstar/angular-trackstar-link1.0.2 @trackstar/react-trackstar-link2.0.21 @trackstar/react-trackstar-link-upgrade1.1.10 @trackstar/test-angular-package0.0.9 @trackstar/test-package1.1.5 @trefox/sleekshop-js0.1.6 @trigo/atrix7.0.1 @trigo/atrix-acl4.0.2 @trigo/atrix-elasticsearch2.0.1 @trigo/atrix-mongoose1.0.2\r\n@trigo/atrix-orientdb1.0.2 @trigo/atrix-postgres1.0.3 @trigo/atrix-pubsub4.0.3 @trigo/atrix-redis1.0.2\r\n@trigo/atrix-soap1.0.2 @trigo/atrix-swagger3.0.1 @trigo/bool-expressions4.1.3 @trigo/eslint-config-trigo3.3.1 @trigo/fsm3.4.2 @trigo/hapi-auth-signedlink1.3.1 @trigo/jsdt0.2.1 @trigo/keycloak-api1.3.1\r\n@trigo/node-soap0.5.4 @trigo/pathfinder-ui-css0.1.1 @trigo/trigo-hapijs5.0.1 @trpc-rate-limiter/cloudflare0.1.4 @trpc-rate-limiter/hono0.1.4 @varsityvibe/api-client1.3.36 @varsityvibe/api-client1.3.37 @varsityvibe/utils5.0.6 @varsityvibe/validation-schemas0.6.7 @varsityvibe/validation-schemas0.6.8 @viapip/eslint-config0.2.4 @vishadtyagi/full-year-calendar0.1.11 @voiceflow/alexa-types2.15.61 @voiceflow/anthropic0.4.4 @voiceflow/anthropic0.4.5 @voiceflow/api-sdk3.28.59\r\n@voiceflow/backend-utils5.0.1 @voiceflow/backend-utils5.0.2 @voiceflow/base-types2.136.2\r\n@voiceflow/base-types2.136.3 @voiceflow/body-parser1.21.2 @voiceflow/body-parser1.21.3\r\n@voiceflow/chat-types2.14.58 @voiceflow/chat-types2.14.59 @voiceflow/circleci-config-sdk-orb-import0.2.1\r\n@voiceflow/circleci-config-sdk-orb-import0.2.2 @voiceflow/commitlint-config2.6.1 @voiceflow/commitlint-config2.6.2 @voiceflow/common8.9.1 @voiceflow/common8.9.2 @voiceflow/default-prompt-wrappers1.7.3\r\n@voiceflow/default-prompt-wrappers1.7.4 @voiceflow/dependency-cruiser-config1.8.11\r\n@voiceflow/dependency-cruiser-config1.8.12 @voiceflow/dtos-interact1.40.1 @voiceflow/dtos-interact1.40.2\r\n@voiceflow/encryption0.3.2 @voiceflow/encryption0.3.3 @voiceflow/eslint-config7.16.4 @voiceflow/eslint-config7.16.5 @voiceflow/eslint-plugin1.6.1 @voiceflow/eslint-plugin1.6.2 @voiceflow/exception1.10.1\r\n@voiceflow/exception1.10.2 @voiceflow/fetch1.11.1 @voiceflow/fetch1.11.2 @voiceflow/general-types3.2.22\r\n@voiceflow/general-types3.2.23 @voiceflow/git-branch-check1.4.3 @voiceflow/git-branch-check1.4.4\r\n@voiceflow/google-dfes-types2.17.12 @voiceflow/google-dfes-types2.17.13 @voiceflow/google-types2.21.13\r\n@voiceflow/husky-config1.3.1 @voiceflow/husky-config1.3.2 @voiceflow/logger2.4.2 @voiceflow/logger2.4.3\r\n@voiceflow/metrics1.5.1 @voiceflow/metrics1.5.2 @voiceflow/natural-language-commander0.5.2\r\n@voiceflow/natural-language-commander0.5.3 @voiceflow/nestjs-common2.75.2 @voiceflow/nestjs-common2.75.3 @voiceflow/nestjs-mongodb1.3.1 @voiceflow/nestjs-mongodb1.3.2 @voiceflow/nestjs-rate-limit1.3.2 @voiceflow/nestjs-rate-limit1.3.3 @voiceflow/nestjs-redis1.3.1 @voiceflow/nestjs-redis1.3.2\r\n@voiceflow/nestjs-timeout1.3.1 @voiceflow/nestjs-timeout1.3.2 @voiceflow/npm-package-json-lint-config1.1.1 @voiceflow/openai3.2.2 @voiceflow/openai3.2.3 @voiceflow/pino6.11.3 @voiceflow/pino6.11.4\r\n@voiceflow/pino-pretty4.4.1 @voiceflow/pino-pretty4.4.2 @voiceflow/prettier-config1.10.1\r\n@voiceflow/prettier-config1.10.2 @voiceflow/react-chat1.65.4 @voiceflow/runtime1.29.1\r\n@voiceflow/runtime1.29.2 @voiceflow/runtime-client-js1.17.2 @voiceflow/runtime-client-js1.17.3\r\n@voiceflow/sdk-runtime1.43.1 @voiceflow/sdk-runtime1.43.2 @voiceflow/secrets-provider1.9.2\r\n@voiceflow/secrets-provider1.9.3 @voiceflow/semantic-release-config1.4.1 @voiceflow/semantic-release-config1.4.2 @voiceflow/serverless-plugin-typescript2.1.7 @voiceflow/serverless-plugin-typescript2.1.8\r\n@voiceflow/slate-serializer1.7.3 @voiceflow/slate-serializer1.7.4 @voiceflow/stitches-react2.3.2\r\nhttps://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed\r\nPage 6 of 9\n\n@voiceflow/stitches-react2.3.3 @voiceflow/storybook-config1.2.2 @voiceflow/storybook-config1.2.3\r\n@voiceflow/stylelint-config1.1.1 @voiceflow/stylelint-config1.1.2 @voiceflow/test-common2.1.1\r\n@voiceflow/test-common2.1.2 @voiceflow/tsconfig1.12.1 @voiceflow/tsconfig1.12.2 @voiceflow/tsconfig-paths1.1.4 @voiceflow/tsconfig-paths1.1.5 @voiceflow/utils-designer1.74.20 @voiceflow/verror1.1.4\r\n@voiceflow/verror1.1.5 @voiceflow/vite-config2.6.2 @voiceflow/vite-config2.6.3 @voiceflow/vitest-config1.10.2 @voiceflow/vitest-config1.10.3 @voiceflow/voice-types2.10.58 @voiceflow/voice-types2.10.59\r\n@voiceflow/voiceflow-types3.32.45 @voiceflow/voiceflow-types3.32.46 @voiceflow/widget1.7.18\r\n@voiceflow/widget1.7.19 @vucod/email0.0.3 @zapier/ai-actions0.1.18 @zapier/ai-actions0.1.19 @zapier/ai-actions0.1.20 @zapier/ai-actions-react0.1.12 @zapier/ai-actions-react0.1.13 @zapier/ai-actions-react0.1.14\r\n@zapier/babel-preset-zapier6.4.1 @zapier/babel-preset-zapier6.4.2 @zapier/babel-preset-zapier6.4.3\r\n@zapier/browserslist-config-zapier1.0.3 @zapier/browserslist-config-zapier1.0.4 @zapier/browserslist-config-zapier1.0.5 @zapier/eslint-plugin-zapier11.0.3 @zapier/eslint-plugin-zapier11.0.4 @zapier/eslint-plugin-zapier11.0.5 @zapier/mcp-integration3.0.1 @zapier/mcp-integration3.0.2 @zapier/mcp-integration3.0.3 @zapier/secret-scrubber1.1.3 @zapier/secret-scrubber1.1.4 @zapier/secret-scrubber1.1.5\r\n@zapier/spectral-api-ruleset1.9.1 @zapier/spectral-api-ruleset1.9.2 @zapier/spectral-api-ruleset1.9.3\r\n@zapier/stubtree0.1.2 @zapier/stubtree0.1.3 @zapier/stubtree0.1.4 @zapier/zapier-sdk0.15.5\r\n@zapier/zapier-sdk0.15.6 @zapier/zapier-sdk0.15.7 02-echo0.0.7 ai-crowl-shield1.0.7 arc-cli-fc1.0.1\r\nasciitranslator1.0.3 asyncapi-preview1.0.1 asyncapi-preview1.0.2 atrix1.0.1 atrix-mongoose1.0.1\r\nautomation_model1.0.491 avvvatars-vue1.1.2 axios-builder1.2.1 axios-cancelable1.0.1 axios-cancelable1.0.2\r\naxios-timed1.0.1 axios-timed1.0.2 babel-preset-kinvey-flex-service0.1.1 barebones-css1.1.3 barebones-css1.1.4 benmostyn-frame-print1.0.1 best_gpio_controller1.0.10 better-auth-nuxt0.0.10 better-queue-nedb0.1.5 bidirectional-adapter1.2.2 bidirectional-adapter1.2.3 bidirectional-adapter1.2.4 bidirectional-adapter1.2.5 blinqio-executions-cli1.0.41 blob-to-base641.0.3 bool-expressions0.1.2 buffered-interpolation-babylon60.2.8 bun-plugin-httpfile0.1.1 bytecode-checker-cli1.0.10 bytecode-checker-cli1.0.11 bytecode-checker-cli1.0.8 bytecode-checker-cli1.0.9 bytes-to-x1.0.1 calc-loan-interest1.0.4 capacitor-plugin-apptrackingios0.0.21 capacitor-plugin-purchase0.1.1 capacitor-plugin-scgssigninwithgoogle0.0.5 capacitor-purchase-history0.0.10 capacitor-voice-recorder-wav6.0.3 ceviz0.0.5 chrome-extension-downloads0.0.3\r\nchrome-extension-downloads0.0.4 claude-token-updater1.0.3 coinmarketcap-api3.1.2 coinmarketcap-api3.1.3 colors-regex2.0.1 command-irail0.5.4 compare-obj1.1.1 compare-obj1.1.2 composite-reducer1.0.2\r\ncomposite-reducer1.0.3 composite-reducer1.0.4 composite-reducer1.0.5 count-it-down1.0.1 count-it-down1.0.2 cpu-instructions0.0.14 create-director-app0.1.1 create-glee-app0.2.2 create-glee-app0.2.3 create-hardhat3-app1.1.1 create-hardhat3-app1.1.2 create-hardhat3-app1.1.3 create-hardhat3-app1.1.4 create-kinvey-flex-service0.2.1 create-mcp-use-app0.5.3 create-mcp-use-app0.5.4 create-silgi0.3.1 crypto-addr-codec0.1.9 css-dedoupe0.1.2 csv-tool-cli1.2.1 dashboard-empty-state1.0.3 designstudiouiux1.0.1 devstart-cli1.0.6 dialogflow-es1.1.2 dialogflow-es1.1.3 dialogflow-es1.1.4 discord-bot-server0.1.2 docusaurus-plugin-vanilla-extract1.0.3 dont-go1.1.2 dotnet-template0.0.3 dotnet-template0.0.4 drop-events-on-property-plugin0.0.2 easypanel-sdk0.3.2 electron-volt0.0.2 email-deliverability-tester1.1.1 enforce-branch-name1.1.3\r\nesbuild-plugin-brotli0.2.1 esbuild-plugin-eta0.1.1 esbuild-plugin-httpfile0.4.1 eslint-config-kinvey-flex-service0.1.1 eslint-config-nitpicky4.0.1 eslint-config-trigo22.0.2 eslint-config-zeallat-base1.0.4 ethereum-ens0.8.1 evm-checkcode-cli1.0.12 evm-checkcode-cli1.0.13 evm-checkcode-cli1.0.14 evm-checkcode-cli1.0.15\r\nexact-ticker0.3.5 expo-audio-session0.2.1 expo-router-on-rails0.0.4 express-starter-template1.0.10\r\nexpressos1.1.3 fat-fingered1.0.1 fat-fingered1.0.2 feature-flip1.0.1 feature-flip1.0.2 firestore-search-https://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed\r\nPage 7 of 9\n\nengine1.2.3 fittxt1.0.2 fittxt1.0.3 flapstacks1.0.1 flapstacks1.0.2 flatten-unflatten1.0.1 flatten-unflatten1.0.2\r\nformik-error-focus2.0.1 formik-store1.0.1 frontity-starter-theme1.0.1 fuzzy-finder1.0.5 fuzzy-finder1.0.6\r\ngate-evm-check-code22.0.3 gate-evm-check-code22.0.4 gate-evm-check-code22.0.5 gate-evm-check-code22.0.6 gate-evm-tools-test1.0.5 gate-evm-tools-test1.0.6 gate-evm-tools-test1.0.7 gate-evm-tools-test1.0.8\r\ngatsby-plugin-antd2.2.1 gatsby-plugin-cname1.0.1 gatsby-plugin-cname1.0.2 generator-meteor-stock0.1.6\r\ngenerator-ng-itobuz0.0.15 get-them-args1.3.3 github-action-for-generator2.1.27 github-action-for-generator2.1.28 gitsafe1.0.5 go-template0.1.8 go-template0.1.9 gulp-inject-envs1.2.1 gulp-inject-envs1.2.2\r\nhaufe-axera-api-client0.0.2 hope-mapboxdraw0.1.1 hopedraw1.0.3 hover-design-prototype0.0.5\r\nhttpness1.0.2 httpness1.0.3 hyper-fullfacing1.0.3 hyperterm-hipster1.0.7 ids-css1.5.1 ids-enterprise-mcp-server0.0.2 ids-enterprise-typings20.1.6 image-to-uri1.0.1 image-to-uri1.0.2 insomnia-plugin-random-pick1.0.4 invo0.2.2 iron-shield-miniapp0.0.2 ito-button8.0.3 itobuz-angular0.0.1 itobuz-angular-auth8.0.11\r\nitobuz-angular-button8.0.11 jacob-zuma1.0.1 jacob-zuma1.0.2 jaetut-varit-test1.0.2 jan-browser0.13.1\r\njquery-bindings1.1.2 jquery-bindings1.1.3 jsonsurge1.0.7 just-toasty1.7.1 kill-port2.0.2 kill-port2.0.3\r\nkinetix-default-token-list1.0.5 kinvey-cli-wrapper0.3.1 kinvey-flex-scripts0.5.1 kns-error-code1.0.8 korea-administrative-area-geo-json-util1.0.7 kwami1.5.10 kwami1.5.9 lang-codes1.0.1 lang-codes1.0.2 license-o-matic1.2.1 license-o-matic1.2.2 lint-staged-imagemin1.3.1 lint-staged-imagemin1.3.2 lite-serper-mcp-server0.2.2 lui-vue-test0.70.9 luno-api1.2.3 m25-transaction-utils1.1.16 manual-billing-system-miniapp-api1.3.1 mcp-use1.4.2 mcp-use1.4.3 medusa-plugin-announcement0.0.3 medusa-plugin-logs0.0.17 medusa-plugin-momo0.0.68 medusa-plugin-product-reviews-kvy0.0.4 medusa-plugin-zalopay0.0.40 mod10-check-digit1.0.1 mon-package-react-typescript1.0.1 my-saeed-lib0.1.1 n8n-nodes-tmdb0.5.1 n8n-nodes-vercel-ai-sdk0.1.7 n8n-nodes-viral-app0.2.5 nanoreset7.0.1 nanoreset7.0.2 next-circular-dependency1.0.2 next-circular-dependency1.0.3 next-simple-google-analytics1.1.1 next-simple-google-analytics1.1.2 next-styled-nprogress1.0.4 next-styled-nprogress1.0.5 ngx-useful-swiper-prosenjit9.0.2 ngx-wooapi12.0.1 nitro-graphql1.5.12 nitro-kutu0.1.1 nitrodeploy1.0.8 nitroping0.1.1 normal-store1.3.1 normal-store1.3.2 normal-store1.3.3 normal-store1.3.4 nuxt-keycloak0.2.2 obj-to-css1.0.2 obj-to-css1.0.3 okta-react-router-65.0.1\r\nopen2internet0.1.1 orbit-boxicons2.1.3 orbit-nebula-draw-tools1.0.10 orbit-nebula-editor1.0.2 orbit-soap0.43.13 orchestrix12.1.2 package-tester1.0.1 parcel-plugin-asset-copier1.1.2 parcel-plugin-asset-copier1.1.3 pdf-annotation0.0.2 pergel0.13.2 pergeltest0.0.25 piclite1.0.1 pico-uid1.0.3 pico-uid1.0.4 pkg-readme1.1.1 poper-react-sdk0.1.2 posthog-docusaurus2.0.6 posthog-js1.297.3 posthog-node4.18.1 posthog-node5.13.3 posthog-plugin-hello-world1.0.1 posthog-react-native4.11.1 posthog-react-native4.12.5 posthog-react-native-session-replay1.2.2 prime-one-table0.0.19 prompt-eng1.0.50 prompt-eng-server1.0.18 puny-req1.0.3 quickswap-ads-list1.0.33 quickswap-default-staking-list1.0.11 quickswap-default-staking-list-address1.0.55 quickswap-default-token-list1.5.16 quickswap-router-sdk1.0.1 quickswap-sdk3.0.44\r\nquickswap-smart-order-router1.0.1 quickswap-token-lists1.0.3 quickswap-v2-sdk2.0.1 ra-auth-firebase1.0.3\r\nra-data-firebase1.0.7 ra-data-firebase1.0.8 react-component-taggers0.1.9 react-data-to-export1.0.1 react-element-prompt-inspector0.1.18 react-favic1.0.2 react-hook-form-persist3.0.1 react-hook-form-persist3.0.2\r\nreact-jam-icons1.0.1 react-jam-icons1.0.2 react-keycloak-context1.0.8 react-keycloak-context1.0.9 react-library-setup0.0.6 react-linear-loader1.0.2 react-micromodal.js1.0.1 react-micromodal.js1.0.2 react-native-datepicker-modal1.3.1 react-native-datepicker-modal1.3.2 react-native-email2.1.1 react-native-email2.1.2\r\nreact-native-fetch2.0.1 react-native-fetch2.0.2 react-native-get-pixel-dimensions1.0.1 react-native-get-pixel-dimensions1.0.2 react-native-google-maps-directions2.1.2 react-native-jam-icons1.0.1 react-native-jam-icons1.0.2 react-native-log-level1.2.1 react-native-log-level1.2.2 react-native-modest-checkbox3.3.1 react-https://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed\r\nPage 8 of 9\n\nnative-modest-storage2.1.1 react-native-phone-call1.2.1 react-native-phone-call1.2.2 react-native-retriable-fetch2.0.1 react-native-retriable-fetch2.0.2 react-native-use-modal1.0.3 react-native-view-finder1.2.1 react-native-view-finder1.2.2 react-native-websocket1.0.3 react-native-websocket1.0.4 react-native-worklet-functions3.3.3 react-packery-component1.0.3 react-qr-image1.1.1 react-scrambled-text1.0.4 rediff1.0.5\r\nrediff-viewer0.0.7 redux-forge2.5.3 redux-router-kit1.2.2 redux-router-kit1.2.3 redux-router-kit1.2.4\r\nrevenuecat1.0.1 rollup-plugin-httpfile0.2.1 sa-company-registration-number-regex1.0.1 sa-company-registration-number-regex1.0.2 sa-id-gen1.0.4 sa-id-gen1.0.5 samesame1.0.3 scgs-capacitor-subscribe1.0.11\r\nscgsffcreator1.0.5 schob1.0.3 selenium-session1.0.5 selenium-session-client1.0.4 set-nested-prop2.0.1 set-nested-prop2.0.2 shelf-jwt-sessions0.1.2 shell-exec1.1.3 shell-exec1.1.4 shinhan-limit-scrap1.0.3 silgi0.43.30\r\nsimplejsonform1.0.1 skills-use0.1.1 skills-use0.1.2 solomon-api-stories1.0.2 solomon-v3-stories1.15.6\r\nsolomon-v3-ui-wrapper1.6.1 soneium-acs1.0.1 sort-by-distance2.0.1 south-african-id-info1.0.2 stat-fns1.0.1\r\nstoor2.3.2 sufetch0.4.1 super-commit1.0.1 svelte-autocomplete-select1.1.1 svelte-toasty1.1.2 svelte-toasty1.1.3 tanstack-shadcn-table1.1.5 tavily-module1.0.1 tcsp2.0.2 tcsp-draw-test1.0.5 tcsp-test-vd2.4.4\r\ntemplate-lib1.1.3 template-lib1.1.4 template-micro-service1.0.2 template-micro-service1.0.3 tenacious-fetch2.3.2 tenacious-fetch2.3.3 test-foundry-app1.0.1 test-foundry-app1.0.2 test-foundry-app1.0.3 test-foundry-app1.0.4 test-hardhat-app1.0.1 test-hardhat-app1.0.2 test-hardhat-app1.0.3 test-hardhat-app1.0.4\r\ntest23112222-api1.0.1 tiaan1.0.2 tiptap-shadcn-vue0.2.1 token.js-fork0.7.32 toonfetch0.3.2 trigo-react-app4.1.2 ts-relay-cursor-paging2.1.1 typeface-antonio-complete1.0.5 typefence1.2.2 typefence1.2.3 typeorm-orbit0.2.27 unadapter0.1.3 undefsafe-typed1.0.3 undefsafe-typed1.0.4 unemail0.3.1 uniswap-router-sdk1.6.2\r\nuniswap-smart-order-router3.16.26 uniswap-test-sdk-core4.0.8 unsearch0.0.3 uplandui0.5.4 upload-to-play-store1.0.1 upload-to-play-store1.0.2 url-encode-decode1.0.1 url-encode-decode1.0.2 use-unsaved-changes1.0.9 v-plausible1.2.1 valid-south-african-id1.0.3 valuedex-sdk3.0.5 vf-oss-template1.0.1 vf-oss-template1.0.2 vf-oss-template1.0.3 victoria-wallet-constants0.1.1 victoria-wallet-constants0.1.2 victoria-wallet-core0.1.1 victoria-wallet-core0.1.2 victoria-wallet-type0.1.1 victoria-wallet-type0.1.2 victoria-wallet-utils0.1.1 victoria-wallet-utils0.1.2 victoria-wallet-validator0.1.1 victoria-wallet-validator0.1.2\r\nvictoriaxoaquyet-wallet-core0.2.1 victoriaxoaquyet-wallet-core0.2.2 vite-plugin-httpfile0.2.1 vue-browserupdate-nuxt1.0.5 wallet-evm0.3.1 wallet-evm0.3.2 wallet-type0.1.1 wallet-type0.1.2 web-scraper-mcp1.1.4 web-types-htmx0.1.1 web-types-lit0.1.1 webpack-loader-httpfile0.2.1 wellness-expert-ng-gallery5.1.1 wenk1.0.10 wenk1.0.9 zapier-async-storage1.0.1 zapier-async-storage1.0.2 zapier-async-storage1.0.3 zapier-platform-cli18.0.2 zapier-platform-cli18.0.3 zapier-platform-cli18.0.4 zapier-platform-core18.0.2 zapier-platform-core18.0.3 zapier-platform-core18.0.4 zapier-platform-legacy-scripting-runner4.0.2 zapier-platform-legacy-scripting-runner4.0.3 zapier-platform-legacy-scripting-runner4.0.4\r\nzapier-platform-schema18.0.2 zapier-platform-schema18.0.3 zapier-platform-schema18.0.4 zapier-scripts7.8.3 zapier-scripts7.8.4 zuper-cli1.0.1 zuper-sdk1.0.57 zuper-stream2.0.9\r\nSource: https://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observ\r\ned\r\nhttps://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed\r\nPage 9 of 9",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed"
	],
	"report_names": [
		"shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed"
	],
	"threat_actors": [
		{
			"id": "9041c438-4bc0-4863-b89c-a32bba33903c",
			"created_at": "2023-01-06T13:46:38.232751Z",
			"updated_at": "2026-04-29T06:58:56.136945Z",
			"deleted_at": null,
			"main_name": "Nitro",
			"aliases": [
				"Covert Grove"
			],
			"source_name": "MISPGALAXY:Nitro",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a2b44a04-a080-4465-973d-976ce53777de",
			"created_at": "2022-10-25T16:07:23.911791Z",
			"updated_at": "2026-04-29T06:58:58.02675Z",
			"deleted_at": null,
			"main_name": "Nitro",
			"aliases": [
				"Covert Grove",
				"Nitro"
			],
			"source_name": "ETDA:Nitro",
			"tools": [
				"AngryRebel",
				"Backdoor.Apocalipto",
				"Chymine",
				"Darkmoon",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"Moudour",
				"Mydoor",
				"PCClient",
				"PCRat",
				"Poison Ivy",
				"SPIVY",
				"Spindest",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1777429323,
	"ts_updated_at": 1777450918,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f7636668f88aa00be1a160a70b62b7033f51ec53.pdf",
		"text": "https://archive.orkl.eu/f7636668f88aa00be1a160a70b62b7033f51ec53.txt",
		"img": "https://archive.orkl.eu/f7636668f88aa00be1a160a70b62b7033f51ec53.jpg"
	}
}