GLOBAL SITUATIONMONITORING

482 published briefsUTCFri, Apr 3 17:54:38

Intelligence Tag

npm Security

Security vulnerabilities and threats specific to the Node Package Manager ecosystem and JavaScript package distribution

1 intelligence brief← Intelligence Hub

Shai-Hulud Supply Chain Attack: How npm Tokens Became Million-Dollar Keys

Shai-Hulud demonstrates how compromised npm tokens became a self-replicating worm affecting hundreds of packages, exposing 400,000 developer secrets and enabling the $8.5 million Trust Wallet crypto theft.

Peter Chofield

Jan 5, 2026

4–7 minutes