Shai-Hulud 2.0: Aggressive, Automated, and Fast Spreading

By Gianpietro Cutolo
Published: 2025-11-26 · Archived: 2026-04-29 02:08:07 UTC

In mid-September 2025, security researchers first identified a supply-chain compromise in the npm ecosystem: the original Shai-Hulud campaign. The first known compromised package was @ctrl/tinycolor version 4.1.1. Only two months later, a far more aggressive and automated wave appeared: Shai-Hulud 2.0.

The second wave of the Shai-Hulud campaign demonstrates an unprecedented level of automation and propagation speed, compromising hundreds of npm packages within hours. By chaining credential theft, self-replication, and automated republishing, the malware achieved rapid ecosystem-wide spread unlike anything previously observed in npm package supply-chain attacks.

Shai-Hulud 2.0 behaves like a worm, not a single compromised package. It automatically harvests and exfiltrates credentials and cloud secrets to attacker-controlled GitHub repositories, ultimately spreading to new npm accounts.

Once launched, the malware immediately initiates a credential-harvesting routine targeting common sources of developer secrets:

In addition, the malicious payload includes functions for using TruffleHog and git to find maintained packages, save files, and update packages:

github_save_file()
github_get_user()
githubGetPackagesByMaintainer()
githubUpdatePackage()
githubListRepos()

One of the most alarming aspects of Shai-Hulud 2.0 is its use of GitHub Actions as a persistent backdoor into infected machines. After stealing a victim’s GitHub token, the malware registers the compromised host as a self-hosted runner under the name SHA1HULUD. This effectively enrolls the victim’s machine into the attacker’s remote-execution infrastructure.

The payload then plants a malicious workflow at .github/workflows/discussion.yaml. This workflow is deliberately crafted with an injection weakness and configured to run only on self-hosted runners.
As a result, the attacker can trigger arbitrary command execution on any infected machine simply by opening a GitHub Discussion in the affected repository. This gives the attacker a persistent, stealthy foothold that blends in with normal CI/CD activity.

https://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed Page 1 of 9

Beyond CLI-level control, the malware also uses stolen GitHub tokens to create public repositories that serve as exfiltration buckets. Each repository is stamped with a distinctive description marker, “Sha1-Hulud: The Second Coming.”, allowing the attacker to locate and manage them easily. These repos store stolen credentials and secret-scanning results.

Critically, Shai-Hulud 2.0 is designed to survive partial failures. If the initially stolen GitHub token lacks the necessary permissions, the malware searches GitHub for other compromised repositories that include the same “Second Coming” marker and are named with a randomly generated 18-character alphanumeric string. Each repo may contain additional stolen tokens uploaded by other infected machines, organized in JSON files named after their contents with double base64 encoding. If one of those tokens is valid, the malware adopts it, creating a distributed token-sharing network across all compromised hosts. This effectively forms a self-healing botnet inside GitHub, where compromised machines can rescue each other if tokens expire or lose privileges.

Once GitHub persistence is established, the malware uses stolen npm tokens to weaponize the victim’s own packages, taking the following steps:

It represents a significant escalation in supply-chain attack sophistication.

Netskope Threat Labs identified the initial-stage payload retrieval activity associated with this campaign, with the detection “Script-JS.Worm.ShaiHulud”.
Our investigations revealed no evidence of subsequent malicious downloads or second-stage payload executions, indicating that the attack chain did not progress beyond the first stage on Netskope-protected systems.

bun_environment.js
62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0
f099c5d9ec417d4445a0328ac0ada9cde79fc37410914103ae9c609cbc0ee068
cbb9bc5a8496243e02f3cc080efbe3e4a1430ba0671f2e43a202bf45b05479cd

Source: https://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed
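
The GitHub-side indicators described in the article (the SHA1HULUD runner name, the “Sha1-Hulud: The Second Coming.” repository description, 18-character alphanumeric repository names, and a discussion-triggered, self-hosted workflow at .github/workflows/discussion.yaml) can be checked with a short triage script. This is an added example, not code from the article or from Netskope; the function names, severity labels and sample data are constructed, and the input objects are assumed to have the shape of GitHub REST API list responses.

```javascript
// Added example: triage of the GitHub-side indicators named in the article.
// Input shapes follow GitHub REST API list responses; all sample data is constructed.
const RUNNER_NAME = 'SHA1HULUD';                           // runner name from the article
const REPO_MARKER = 'sha1-hulud: the second coming';       // description marker, lower-cased
const WORKFLOW_PATH = '.github/workflows/discussion.yaml'; // planted workflow path
const RANDOM_REPO_NAME = /^[a-z0-9]{18}$/i;                // 18-character alphanumeric name

// Self-hosted runners registered under the name the malware uses.
function flagRunners(runners) {
  return runners
    .filter((r) => String(r.name || '').toUpperCase() === RUNNER_NAME)
    .map((r) => ({ indicator: 'runner-name', target: r.name, severity: 'high' }));
}

// Repositories carrying the description marker. A matching name without the
// marker is a weak signal on its own, so it is only queued for manual review.
function flagRepos(repos) {
  const findings = [];
  for (const repo of repos) {
    const description = String(repo.description || '').toLowerCase();
    if (description.includes(REPO_MARKER)) {
      findings.push({ indicator: 'repo-marker', target: repo.full_name, severity: 'high' });
    } else if (RANDOM_REPO_NAME.test(repo.name || '')) {
      findings.push({ indicator: 'repo-name-pattern', target: repo.full_name, severity: 'review' });
    }
  }
  return findings;
}

// Lines under one top-level YAML key (line-based heuristic, not a YAML parser).
function topLevelBlock(text, key) {
  const keyLine = new RegExp(`^["']?${key}["']?\\s*:`);
  const out = [];
  let inside = false;
  for (const raw of text.split(/\r?\n/)) {
    if (/^\s*(#.*)?$/.test(raw)) continue;            // blank or comment-only line
    if (/^\S/.test(raw)) inside = keyLine.test(raw);  // a new top-level key starts
    if (inside) out.push(raw.replace(/\s+#.*$/, '')); // drop trailing comments
  }
  return out.join('\n');
}

// A workflow triggered by the `discussion` event that runs on self-hosted runners
// matches the shape the article describes; the planted path raises the severity.
function inspectWorkflow(path, text) {
  const normalized = path.replace(/\\/g, '/');
  const pathMatch = normalized === WORKFLOW_PATH || normalized.endsWith('/' + WORKFLOW_PATH);
  const discussionTrigger = /(^|[^\w-])discussion(?![\w-])/.test(topLevelBlock(text, 'on'));
  const jobs = topLevelBlock(text, 'jobs');
  const selfHosted =
    /runs-on\s*:[^\n]*self-hosted/.test(jobs) ||                            // inline or [a, b] form
    /runs-on\s*:\s*\n(?:\s*-[^\n]*\n)*?\s*-\s*["']?self-hosted/.test(jobs); // block-list form
  const shapeMatch = discussionTrigger && selfHosted;
  let severity = 'none';
  if (shapeMatch && pathMatch) severity = 'high';
  else if (shapeMatch || pathMatch) severity = 'review';
  return { indicator: 'workflow', target: normalized, pathMatch, discussionTrigger, selfHosted, severity };
}

// Combine all three checks into one list of findings.
function triage({ runners = [], repos = [], workflows = [] }) {
  const wf = workflows.map((w) => inspectWorkflow(w.path, w.text)).filter((f) => f.severity !== 'none');
  return [...flagRunners(runners), ...flagRepos(repos), ...wf];
}

// Constructed samples (no real accounts, repositories or workflow contents).
const SAMPLE = {
  runners: [
    { id: 1, name: 'build-linux-01', os: 'Linux', status: 'online' },
    { id: 2, name: 'SHA1HULUD', os: 'Linux', status: 'online' },
  ],
  repos: [
    { name: 'web-frontend', full_name: 'example-org/web-frontend', description: 'Customer portal' },
    { name: 'k3v9x0q2m7t1b5z8rw', full_name: 'example-user/k3v9x0q2m7t1b5z8rw',
      description: 'Sha1-Hulud: The Second Coming.' },
    { name: 'a1b2c3d4e5f6g7h8i9', full_name: 'example-user/a1b2c3d4e5f6g7h8i9', description: null },
  ],
  workflows: [
    { path: '.github/workflows/discussion.yaml',
      text: ['name: Discussion handler', 'on:', '  discussion:', '    types: [created]', 'jobs:',
        '  handle:', '    runs-on: self-hosted', '    steps:', '      - run: echo "placeholder step"'].join('\n') },
    { path: '.github/workflows/ci.yml',
      text: ['name: CI', 'on: [push, pull_request]', 'jobs:', '  test:', '    runs-on: ubuntu-latest',
        '    steps:', '      - run: npm test  # discussion of results happens elsewhere'].join('\n') },
  ],
};

console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

A "review" finding means only part of the described pattern matched, so it needs a human look before any cleanup action.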