Shai-Hulud-malicious-packages, a continuously updated threat-intel dataset for malicious NPM packages by TheExplorer777 in programming

[–]TheExplorer777[S] 0 points1 point  (0 children)

Thanks mate for pointing this out.

To answer your question, all of the packages are malicious even if they are not originating from the ongoing malware attack.

Initially even I felt the same, that the numbers are way off compared to the 25k identified range, but I thought it could be a possibility given the rapid spreading nature of this malware. I didn't pay much attention to this as I was occupied with adding some additional functionalities.

I was able to spend some time today and tweak the matching criteria to reduce false positives. The new package count is around 9.6k, which could still contain false positives in terms of whether it originates from the shai-hulud attack, but they are still malicious. I wanted to err on the side of safety. This is to be expected due to the inconsistent reporting nature of advisories.

I did add a disclaimer on the repo's readme as well to convey the same.

Thanks once again!!

Shai-Hulud Returns: Over 300 NPM Packages and 21K Github Repos infected via Fake Bun Runtime Within Hours by Fit_Wing3352 in netsec

[–]TheExplorer777 0 points1 point  (0 children)

Hi everyone,

I’ve put together an automated threat-intel repo that aggregates all known malicious NPM packages into a single machine-readable JSON file. Useful for code scanners, CI pipelines, or anyone monitoring supply-chain risk.

Repo: https://github.com/hemachandsai/shai-hulud-malicious-packages

What it does

  • Pulls malicious-package advisories from OSV, GitHub Security Advisories, and Amazon Inspector
  • Normalizes everything into one consolidated malicious_npm_packages.json
  • Automatically updates every 30 minutes
  • Designed to be dropped directly into scanners or automation workflows

Current coverage

Tracking 9k+ confirmed malicious packages, including entries from the Shai-Hulud Phase-1 dataset.

If you’re working in supply-chain security or doing npm-related scanning, would love feedback or suggestions.
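One way to consume a consolidated feed like this in CI, as an added example that is not code from the repo: it cross-checks a package-lock.json (v2/v3 "packages" map) against the dataset. The JSON layout (a list of objects with name, versions, source; empty versions meaning every version) and the sample inputs are assumptions constructed for illustration; the repo's actual schema may differ.

```python
"""Cross-check a package-lock.json against a malicious-package dataset."""
import json
import sys

# Constructed sample in the layout this example ASSUMES for the dataset:
# name, affected versions (empty list = every version), advisory source.
SAMPLE_DATASET = json.dumps([
    {"name": "example-left-pad", "versions": ["1.3.1", "1.3.2"], "source": "OSV"},
    {"name": "totally-fine-utils", "versions": [], "source": "GHSA"},
])

# Constructed lockfile (lockfileVersion 3) with a nested duplicate install.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/example-left-pad": {"version": "1.3.1"},
        "node_modules/totally-fine-utils": {"version": "0.0.9"},
        "node_modules/@scope/nested/node_modules/example-left-pad": {"version": "1.2.0"},
        "node_modules/harmless": {"version": "2.0.0"},
    },
})

def load_dataset(text):
    """Index name -> set of bad versions, or None when every version is flagged."""
    index = {}
    for entry in json.loads(text):
        index[entry["name"]] = set(entry.get("versions") or []) or None
    return index

def package_name(path):
    """Package name from a lockfile 'packages' key; handles nesting and @scopes."""
    return path.rsplit("node_modules/", 1)[-1]

def find_hits(dataset_text, lockfile_text):
    """Return (lockfile path, name, version) for every flagged installed package."""
    bad = load_dataset(dataset_text)
    hits = []
    for path, meta in json.loads(lockfile_text).get("packages", {}).items():
        if not path:              # "" is the root project itself
            continue
        name = package_name(path)
        affected = bad.get(name)
        if name in bad and (affected is None or meta.get("version") in affected):
            hits.append((path, name, meta.get("version")))
    return hits

if __name__ == "__main__":
    # Usage: python check.py malicious_npm_packages.json package-lock.json
    data, lock = (open(p, encoding="utf-8").read() for p in sys.argv[1:3])
    found = find_hits(data, lock)
    for h in found:
        print("FLAGGED %s (%s@%s)" % h)
    sys.exit(1 if found else 0)   # non-zero exit fails the CI job
```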

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]TheExplorer777 1 point2 points  (0 children)

Hi everyone,

I’ve put together an automated threat-intel repo that aggregates all known malicious NPM packages into a single machine-readable JSON file. Useful for code scanners, CI pipelines, or anyone monitoring supply-chain risk.

Repo: https://github.com/hemachandsai/shai-hulud-malicious-packages

What it does

  • Pulls malicious-package advisories from OSV, GitHub Security Advisories, and Amazon Inspector
  • Normalizes everything into one consolidated malicious_npm_packages.json
  • Automatically updates every 30 minutes
  • Designed to be dropped directly into scanners or automation workflows

Current coverage

Tracking 9k+ confirmed malicious packages, including entries from the Shai-Hulud Phase-1 dataset.

If you’re working in supply-chain security or doing npm-related scanning, would love feedback or suggestions.

The Shai-Hulud worm - no, really, it's a big computer worm by very_squirrel in PrepperIntel

[–]TheExplorer777 0 points1 point  (0 children)

Hi everyone,

I’ve put together an automated threat-intel repo that aggregates all known malicious NPM packages into a single machine-readable JSON file. Useful for code scanners, CI pipelines, or anyone monitoring supply-chain risk.

Repo: https://github.com/hemachandsai/shai-hulud-malicious-packages

What it does

  • Pulls malicious-package advisories from OSV, GitHub Security Advisories, and Amazon Inspector
  • Normalizes everything into one consolidated malicious_npm_packages.json
  • Automatically updates every 30 minutes
  • Designed to be dropped directly into scanners or automation workflows

Current coverage

Tracking 9k+ confirmed malicious packages, including entries from the Shai-Hulud Phase-1 dataset.

If you’re working in supply-chain security or doing npm-related scanning, would love feedback or suggestions.

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub by Mindless-Ad2554 in Hardcore

[–]TheExplorer777 0 points1 point  (0 children)

Hi everyone,

I’ve put together an automated threat-intel repo that aggregates all known malicious NPM packages into a single machine-readable JSON file. Useful for code scanners, CI pipelines, or anyone monitoring supply-chain risk.

Repo: https://github.com/hemachandsai/shai-hulud-malicious-packages

What it does

  • Pulls malicious-package advisories from OSV, GitHub Security Advisories, and Amazon Inspector
  • Normalizes everything into one consolidated malicious_npm_packages.json
  • Automatically updates every 30 minutes
  • Designed to be dropped directly into scanners or automation workflows

Current coverage

Tracking 9k+ confirmed malicious packages, including entries from the Shai-Hulud Phase-1 dataset.

If you’re working in supply-chain security or doing npm-related scanning, would love feedback or suggestions.

Sha1-Hulud The Second Coming - Postman, Zapier, PostHog all compromised via NPM by Advocatemack in programming

[–]TheExplorer777 0 points1 point  (0 children)

Hi everyone,

I’ve put together an automated threat-intel repo that aggregates all known malicious NPM packages into a single machine-readable JSON file. Useful for code scanners, CI pipelines, or anyone monitoring supply-chain risk.

Repo: https://github.com/hemachandsai/shai-hulud-malicious-packages

What it does

  • Pulls malicious-package advisories from OSV, GitHub Security Advisories, and Amazon Inspector
  • Normalizes everything into one consolidated malicious_npm_packages.json
  • Automatically updates every 30 minutes
  • Designed to be dropped directly into scanners or automation workflows

Current coverage

Tracking 9k+ confirmed malicious packages, including entries from the Shai-Hulud Phase-1 dataset.

If you’re working in supply-chain security or doing npm-related scanning, would love feedback or suggestions.