Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.

A security analysis tool to detect Shai-Hulud malware infections across GitHub and NPM ecosystems

Script to verify if Shai Hulud and Sha1-Hulud NPM package alike are affecting your NPM Build - check https://phoenix.security/shai-hulud-second-coming-npms-biggest-supply-chain-breach/

Comprehensive detection tool for NPM supply chain attacks, specifically designed to identify and prevent the Shai-Hulud worm and Shai-Hulud 2-0-0 that compromised 1193+ packages including CrowdStrike npm packages in 2025.

Autonomous “Shai-Hulud” engine that ingests malicious NPM package advisories from OSV, tracks versions and metadata, and maintains a continuously updated threat intelligence database.

🪱 NPM Worm Defense Guide: Detection, remediation & prevention for Shai-Hulud 2.0 and beyond!

Sentinel Package Manager blocks compromised packages BEFORE installation, preventing malicious code execution. Features: Pre-install blocking, command interception (npm/yarn/pnpm/bun), 795+ blacklist (Shai-Hulud), real-time checks (OSV/GitHub/Snyk), zero dependencies, auto-updates. Counters supply chain attacks.

A CLI security scanner that detects GitHub accounts compromised by the “Sha1-Hulud: The Second Coming” npm supply-chain worm.

Node.js tool to check your project for compromised npm packages

🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting

fetch and analyze Software Bill of Materials (SBOM) data from NowSecure's GraphQL API to identify vulnerable dependencies.

A Node.js utility to scan projects for compromised npm packages by checking against the latest list from Wiz Security's research repository for the recent shai-hulud-2 security breach.

Security scanner that checks npm dependencies for Shai Hulud vulnerable packages. Scans all dependencies and transitive dependencies against 689+ known compromised packages

scans system for npm-packages and artifacts known to be compromised by 'Shai-Hulud' attack

Pull the latest Shai-Hulud npm compromise advisories and check your machine for matching package versions.

🔍 Automated GitHub scanner to detect Sha1-Hulud project repositories across organization members. Fetches org members, scans for specific repos, and sends Slack notifications when found.

How to Check for Compromised NPM Packages

Check NPM packages in a project to try to find malicious scripts. Initially inspired by the Shai-Hulud attack.

Shai-Hulud Repository.

An Azure Devops Scanner Pipeline Template to use to detect SHAI-HULUD Worm