Critical Supply Chain Attack

SHAI-HULUD SCAN

Tracking Shai-Hulud 2.0 and Mini Shai-Hulud supply chain attacks. Check if your dependencies are affected.

Risk LevelCRITICAL
Shai-Hulud 2.0798
Mini Shai-Hulud24
StatusACTIVE

Databases: Shai-Hulud 2.0 (Nov 2025) + Mini Shai-Hulud (May 2026)

CHECK NOW

Quick Infection Check

Check if your dependencies are compromised in the Shai-Hulud 2.0 or Mini Shai-Hulud attacks

Or analyze your entire project:

UPLOAD PACKAGE-LOCK.JSON OR SBOM
ANATOMY

How the Attack Works

1. Infection

Malware runs via 'preinstall' script

2. Theft & Backdoor

Steals secrets & installs GitHub Runner

3. Exfiltration

Pushes secrets to public GitHub repos

4. Propagation

Publishes new infected packages (Worm)

Analysis Instructions

Upload package.json

Upload your package.json, package-lock.json, or SBOM file for complete project analysis including optionalDependencies

Composite Search

Use semantic + full-text matching for better results

Local Embeddings

Generate embeddings locally for enhanced semantic search

Privacy First

All analysis runs locally - no external API calls or data sharing

IOC Summary

File Hashes4
Domains5
Commits4
Patterns8
Persistence Paths12
Total IOCs33

Advanced Search