Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.

Script to verify if Shai Hulud and Sha1-Hulud NPM package alike are affecting your NPM Build - check https://phoenix.security/shai-hulud-second-coming-npms-biggest-supply-chain-breach/

A Node.js utility to scan projects for compromised npm packages by checking against the latest list from Wiz Security's research repository for the recent shai-hulud-2 security breach.

Security scanner that checks npm dependencies for Shai Hulud vulnerable packages. Scans all dependencies and transitive dependencies against 689+ known compromised packages