Collection of npm package manager Security Best Practices
Updated May 21, 2026
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
Script to verify whether Mini-Shai Hulud - Team PCP - Shai Hulud and Sha1-Hulud NPM packages alike are affecting your NPM build - check https://phoenix.security/shai-hulud-second-coming-npms-biggest-supply-chain-breach/
🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting
🛡️ Guard your projects against the Shai-Hulud 2.0 npm supply chain attack with our secure detection tool for safer development.
🚨 Detect compromised npm packages from the SHA1-HULUD pt 2 attack with a multi-package manager scanner supporting npm, yarn, bun, and pnpm.
🛡️ Detect Shai Hulud npm-worm compromises in GitHub users and organizations with this easy-to-use CLI tool, protecting your code from malicious attacks.