Posts by Tag: npm
all of the articles we have posted and linked so far under the tag: npm
19 May 2026
Mini Shai-Hulud: 639 Packages Deep and Still Burrowing
TLDR and affected package summary for the latest wave of the Mini Shai-Hulud npm supply-chain campaign targeting antv and echarts-for-react.
14 May 2026
Shadow Supply: The Package That Stole Your Secrets
TLDR and affected version summary for the node-ipc npm supply-chain compromise.
11 May 2026
Mini Shai-Hulud: The Package That Crawled Through CI
TLDR and affected package summary for the Mini Shai-Hulud npm and PyPI supply-chain campaign.