#Shai-hulud
Showing 3 of 3 repositories tagged #shai-hulud, ranked by stars
lirantal
npm-security-best-practices
Collection of npm package manager Security Best Practices
Score
100
★ 1.2k
⑂ 43
+2/day
jestasecurity
thumper
Thumper is an open-source tripwire for the Shai-Hulud npm worm. Plant fake-but-realistic credentials where the worm scans - the instant one is read, you know the box might be breached. Free and built in the open by Jesta.
Score
50
★ 223
⑂ 13
—
Python
gensecaihq
Shai-Hulud-2.0-Detector
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
Score
0
★ 141
⑂ 34
—
TypeScript