Skip to main content

Tag: javascript package manager

1 article

Developer workstation in shared office with laptop and large monitor displaying signs of GitHub Actions shared-cache…

Shai-Hulud worm infects another npm package

A copycat of the notorious Shai-Hulud worm has struck again, infecting another npm package by exploiting a GitHub Actions misconfiguration. This latest attack follows a similar pattern that recently prompted TanStack to rethink its approach to accepting outside code contributions.

Analyst 207