Big attack on NPM – Shai-Hulud 2.0(about.gitlab.com)
about.gitlab.com
Big attack on NPM – Shai-Hulud 2.0
https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/
3 comments
Made a package (that I needed personally), to easily reinstall all dependencies (using the same versions) in a project and check them using Aikido's safe chain for malware (supported npm, pnpm, bun, and yarn). It also easily switches a project's package manager to another. https://www.npmjs.com/package/eazypm
Prior discussion https://news.ycombinator.com/item?id=46032539
This is a nasty npm attack. It steals API keys and credits.