Live updates: Shai-hulud, the most dangerous NPM breach in history(koi.security)
koi.security
Live updates: Shai-hulud, the most dangerous NPM breach in history
https://www.koi.security/blog/shai-hulud-npm-supply-chain-attack-crowdstrike-tinycolor
3 comments
Larger discussion thread here: https://news.ycombinator.com/item?id=45260741
I scanned this discussion looking for a way to tell if you've been compromised but nothing jumped out.
If you’re a package maintainer, please defensively revoke all NPM and GitHub tokens. This is a worm which is still spreading and you probably don’t want to publish anything today anyways, so you might as well use this incident as an opportunity to rotate everything.