Collection of npm package manager Security Best Practices
Updated May 24, 2026
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
Thumper is an open-source tripwire for the Shai-Hulud npm worm. Plant fake-but-realistic credentials where the worm scans - the instant one is read, you know the box might be breached. Free and built in the open by Jesta.
A security analysis tool to detect Shai-Hulud malware infections across GitHub and NPM ecosystems
Comprehensive detection tool for NPM supply chain attacks, specifically designed to identify and prevent the Shai-Hulud worm and Shai-Hulud 2-0-0 that compromised 1193+ packages including CrowdStrike npm packages in 2025.
Script to verify whether Mini-Shai Hulud, Team PCP, Shai Hulud and Sha1-Hulud-like NPM packages are affecting your NPM build; see https://phoenix.security/shai-hulud-second-coming-npms-biggest-supply-chain-breach/
Real-time npm/PyPI supply-chain threat detection. Behavioral chain analysis, AST scanning, IOC feeds, and compound scoring engine.
Autonomous “Shai-Hulud” engine that ingests malicious NPM package advisories from OSV, tracks versions and metadata, and maintains a continuously updated threat intelligence database.
Supply-chain attack scanner for the agent era. Triage in 30s with `npx patient-zero`, block malicious installs before postinstall runs, or drop into CI as a GitHub Action. Covers npm + Python + MCP agent configs. Free, MIT, no signup, no telemetry.
Sentinel Package Manager blocks compromised packages BEFORE installation, preventing malicious code execution. Features: Pre-install blocking, command interception (npm/yarn/pnpm/bun), 795+ blacklist (Shai-Hulud), real-time checks (OSV/GitHub/Snyk), zero dependencies, auto-updates. Counters supply chain attacks.
How to Check for Compromised NPM Packages
🪱 NPM Worm Defense Guide: Detection, remediation & prevention for Shai-Hulud 2.0 and beyond!
Fetch and analyze Software Bill of Materials (SBOM) data from NowSecure's GraphQL API to identify vulnerable dependencies.
A CLI security scanner that detects GitHub accounts compromised by the “Sha1-Hulud: The Second Coming” npm supply-chain worm.
Cross-platform, stdlib-only Python CLI to detect, remove, and prevent the Shai-Hulud npm/PyPI supply-chain worm family. Signed commits, matrix CI, SLSA-provenance releases, OpenSSF Scorecard.
Block npm/npx/yarn in Claude Code with a skill + PreToolUse hook. Use pnpm instead. Defense against Shai-Hulud-style npm supply-chain attacks.
🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting
Node.js tool to check your project for compromised npm packages
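What a checker of the kind listed above actually does, as an added example that is not code from any project on this page: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2/3 layout), matches every locked `name@version` against an indicator list, and then flags install-time lifecycle scripts (`preinstall`/`install`/`postinstall`/`prepare`), since an install hook is what lets a worm run the moment `npm install` finishes. The IOC entries, the sample lockfile and the sample manifests are constructed placeholders, not real indicators; in practice the set is filled from an advisory feed and the manifests are read from `node_modules`.

```javascript
"use strict";

// Constructed IOC list: hypothetical name@version pairs, NOT real indicators.
// Replace with entries from an advisory feed (OSV, vendor blocklists, etc.).
const IOC = new Set([
  "example-widgets@2.1.7",
  "@acme/example-auth@4.0.1",
]);

// Lifecycle scripts npm runs automatically during install.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Patterns that have no business in a library's install script.
const SUSPICIOUS = [
  /\b(curl|wget)\s/i,         // fetching a second stage
  /base64\s+(-d|--decode)/i,  // decoding an embedded payload
  /\bnode\s+-e\b/,            // inline JS execution
  /trufflehog/i,              // credential harvesting tool
  /\bbash\s+-c\b/,            // shelling out to an inline command
];

// Package name from a lockfile "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; "" (root) -> null.
function nameFromLockPath(key) {
  const idx = key.lastIndexOf("node_modules/");
  return idx === -1 ? null : key.slice(idx + "node_modules/".length);
}

// Compare every locked package@version against the IOC set.
function scanLockfile(lock, ioc = IOC) {
  const hits = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(key);
    if (!name || !entry.version) continue;
    const id = `${name}@${entry.version}`;
    if (ioc.has(id)) hits.push({ path: key, id });
  }
  return hits;
}

// Report every install-time hook; mark the ones that look like a dropper.
// `manifests` maps a lockfile key to that dependency's parsed package.json.
function scanInstallScripts(manifests) {
  const flagged = [];
  for (const [key, pkg] of Object.entries(manifests)) {
    for (const hook of INSTALL_HOOKS) {
      const cmd = pkg.scripts && pkg.scripts[hook];
      if (!cmd) continue;
      const suspicious = SUSPICIOUS.some((re) => re.test(cmd));
      flagged.push({ path: key, hook, cmd, suspicious });
    }
  }
  return flagged;
}

// Real-project mode: read package-lock.json plus each dependency's package.json.
function loadProject(rootDir) {
  const fs = require("node:fs");
  const path = require("node:path");
  const lock = JSON.parse(fs.readFileSync(path.join(rootDir, "package-lock.json"), "utf8"));
  const manifests = {};
  for (const key of Object.keys(lock.packages || {})) {
    if (!key) continue; // "" is the root project itself
    const file = path.join(rootDir, key, "package.json");
    if (fs.existsSync(file)) manifests[key] = JSON.parse(fs.readFileSync(file, "utf8"));
  }
  return { lock, manifests };
}

// Constructed sample data (lockfileVersion 3 layout); none of these are real packages.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/example-widgets": { version: "2.1.7" },
    "node_modules/@acme/example-auth": { version: "4.0.1" },
    "node_modules/harmless-lib": { version: "1.0.0" },
    "node_modules/harmless-lib/node_modules/example-widgets": { version: "2.0.0" }, // nested, clean version
  },
};
const SAMPLE_MANIFESTS = {
  "node_modules/example-widgets": { scripts: { postinstall: "node -e \"require('./setup.js')\"" } },
  "node_modules/harmless-lib": { scripts: { postinstall: "node-gyp rebuild" } }, // native build, benign
};

function runDemo() {
  return { ioc: scanLockfile(SAMPLE_LOCK), scripts: scanInstallScripts(SAMPLE_MANIFESTS) };
}

// CLI: `node check.js /path/to/project`, or no argument to run on the sample data.
if (typeof require === "function" && require.main === module) {
  const { lock, manifests } = process.argv[2]
    ? loadProject(process.argv[2])
    : { lock: SAMPLE_LOCK, manifests: SAMPLE_MANIFESTS };
  const ioc = scanLockfile(lock);
  const scripts = scanInstallScripts(manifests);
  for (const h of ioc) console.log(`IOC MATCH     ${h.id}  (${h.path})`);
  for (const s of scripts) console.log(`${s.suspicious ? "SUSPICIOUS   " : "install-hook "} ${s.path} ${s.hook}: ${s.cmd}`);
  process.exitCode = (ioc.length || scripts.some((s) => s.suspicious)) ? 1 : 0;
}
```

The nested `harmless-lib/node_modules/example-widgets` entry is deliberate: lockfiles carry every installed copy, including nested versions, so matching has to key on the full `name@version` after the last `node_modules/` rather than on the top-level name alone. Detection of this kind is reactive; the preventive counterpart the "block before postinstall runs" tools above rely on is disabling lifecycle scripts for dependencies (`ignore-scripts=true` in `.npmrc`) and re-enabling them only for packages that genuinely need a native build.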
Sandbox Everything
Shell script to detect TanStack npm supply chain attack indicators (CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx)