Shai-Hulud 2.0: What executives need to know about the supply-chain worm (Nov 24, 2025)

bbossola, ,
6–9 minutes
Shai-Hulud 2.0: What executives need to know about the new npm supply-chain worm (Nov 24, 2025)

On November 24, 2025, a second wave of the “Shai-Hulud” npm supply-chain attack began spreading through the JavaScript ecosystem. Attackers compromised maintainer accounts, published trojanized versions of legitimate packages, and used them as a worm to steal credentials and propagate into more projects and organizations.

What happened (in plain terms)

  • Trusted packages were silently replaced with malicious updates. When developers or CI systems installed these versions, the malware ran automatically during install.
  • The malware steals secrets at scale. The payload hunts for npm/GitHub tokens and cloud credentials, then exfiltrates them to attacker-controlled repos.
  • This wave is more capable than September’s. Researchers observed improved execution (including the Bun runtime) and broader credential targeting, making infection faster and harder to spot.
  • High-profile vendors were hit. Packages tied to Zapier, ENS Domains, Postman, PostHog, AsyncAPI and others were compromised, showing the attackers can reach well-run projects—not just obscure libs.

Why this matters to your business

This is not a “developer problem.” It is a direct enterprise risk:

  1. Credential theft = account takeover. If a compromised package was installed in your environment, assume tokens and keys on that machine (or CI runner) may be stolen. That can lead to cloud breaches, source-code theft, or ransomware-style follow-on attacks.
  2. Supply chain blast radius is huge. npm packages are deeply nested in modern apps. One infected dependency can taint many internal services before anyone notices. The campaign has already spread into tens of thousands of GitHub repos.
  3. Regulatory and reputational exposure. If attacker access leads to customer data loss or service disruption, you face incident-response costs, disclosure obligations, and trust damage.

Immediate actions (next 24–72 hours) for your engineering team

If your engineering team uses Node.js / npm anywhere:

  1. Identify exposure.
    • Compare your dependency lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml) to the known malicious package/version list from current advisories
    • Search CI logs and build images for installs of those versions around Nov 24, 2025 onward.
    • If you are using Meterian, your teams will be notified tomorrow of any outstanding issue in your projects, while you can also manually trigger a rescan
  2. Treat potentially affected environments as compromised.
    • Rotate all secrets that could have been accessible to developer machines or CI runners: npm tokens, GitHub tokens, cloud keys, DB creds, SaaS API keys.
    • Re-issue creds from a clean machine.
  3. Hunt for persistence.
    • Check for unexpected GitHub Actions / CI workflows, new secrets, or unfamiliar deploy keys. Earlier Shai-Hulud waves used CI backdoors to keep access.
  4. Block known bad versions now.
    • Add deny-lists in artifact proxies (e.g., npm registry mirrors) and internal policy gates.
    • Pin safe versions until the incident stabilizes.

Medium-term fixes (next few weeks) for your engineering team

  • Eliminate long-lived registry tokens. The attack leveraged stolen or weakly protected maintainer/CI tokens; reducing token lifetime and scope cuts worm propagation.
  • Harden CI/CD. Run builds in isolated runners with minimal secrets; require approvals for workflow changes.
  • Adopt dependency trust controls.
    • Prefer verified publishing / signed releases where available.
    • Add automated checks for sudden owner changes, new install scripts, or unusual publish patterns.

The take-home

Shai-Hulud 2.0 is a credential-stealing worm riding on the npm ecosystem. It spreads through normal installs, targets high-value developer and cloud secrets, and has already hit mainstream packages. The right executive posture is: assume compromise if exposed, rotate secrets fast, and tighten the software supply chain permanently. After last September’s incident, we predicted this would rear its ugly head again. Watch a brief update and warning shared earlier this week at one of our meetings.

Meterian CTO Bruno Bossola shares the growing blast radius and all consumers of NPM must stop it

This is a story under development!

Please keep an eye on this blog page, in the meantime here’s the list of affected packages and versions so far:

Package Malicious version(s)
Package name Affected versions
@accordproject/concerto-analysis 3.24.1
@accordproject/concerto-linter 3.24.1
@accordproject/concerto-linter-default-ruleset 3.24.1
@accordproject/concerto-metamodel 3.12.5
@accordproject/concerto-types 3.24.1
@accordproject/markdown-it-cicero 0.16.26
@accordproject/template-engine 2.7.2
@actbase/css-to-react-native-transform 1.0.3
@actbase/native 0.1.32
@actbase/node-server 1.1.19
@actbase/react-absolute 0.8.3
@actbase/react-daum-postcode 1.0.5
@actbase/react-kakaosdk 0.9.27
@actbase/react-native-actionsheet 1.0.3
@actbase/react-native-devtools 0.1.3
@actbase/react-native-fast-image 8.5.13
@actbase/react-native-kakao-channel 1.0.2
@actbase/react-native-kakao-navi 2.0.4
@actbase/react-native-less-transformer 1.0.6
@actbase/react-native-naver-login 1.0.1
@actbase/react-native-simple-video 1.0.13
@actbase/react-native-tiktok 1.1.3
@afetcan/api 0.0.13
@afetcan/storage 0.0.27
@alexadark/amadeus-api 1.0.4
@alexadark/gatsby-theme-events 1.0.1
@alexadark/gatsby-theme-wordpress-blog 2.0.1
@alexadark/reusable-functions 1.5.1
@alexcolls/nuxt-socket.io 0.0.7|0.0.8
@alexcolls/nuxt-ux 0.6.1|0.6.2
@alexcolls/nuxt-ux 0.6.2|0.6.1
@antstackio/eslint-config-antstack 0.0.3
@antstackio/express-graphql-proxy 0.2.8
@antstackio/graphql-body-parser 0.1.1
@antstackio/json-to-graphql 1.0.3
@antstackio/shelbysam 1.1.7
@aryanhussain/my-angular-lib 0.0.23
@asyncapi/dotnet-rabbitmq-template 1.0.2|1.0.1
@asyncapi/edavisualiser 1.2.2|1.2.1
@asyncapi/go-watermill-template 0.2.76|0.2.77
@asyncapi/java-template 0.3.6|0.3.5
@asyncapi/keeper 0.0.3|0.0.2
@asyncapi/php-template 0.1.2|0.1.1
@asyncapi/python-paho-template 0.2.15|0.2.14
@asyncapi/server-api 0.16.25|0.16.24
@asyncapi/studio 1.0.3|1.0.2
@asyncapi/web-component 2.6.7|2.6.6
@bdkinc/knex-ibmi 0.5.7
@browserbasehq/bb9 1.2.21
@browserbasehq/director-ai 1.0.3
@browserbasehq/mcp 2.1.1
@browserbasehq/mcp-server-browserbase 2.4.2
@browserbasehq/sdk-functions 0.0.4
@browserbasehq/stagehand 3.0.4
@browserbasehq/stagehand-docs 1.0.1
@caretive/caret-cli 0.0.2
@chtijs/eslint-config 1.0.1
@clausehq/flows-step-httprequest 0.1.14
@clausehq/flows-step-jsontoxml 0.1.14
@clausehq/flows-step-mqtt 0.1.14
@clausehq/flows-step-sendgridemail 0.1.14
@clausehq/flows-step-taskscreateurl 0.1.14
@cllbk/ghl 1.3.1
@commute/bloom 1.0.3
@commute/market-data 1.0.2
@commute/market-data-chartjs 2.3.1
@dev-blinq/ai-qa-logic 1.0.19
@dev-blinq/cucumber_client 1.0.738
@dev-blinq/cucumber-js 1.0.131
@dev-blinq/ui-systems 1.0.93
@ensdomains/address-encoder 1.1.5
@ensdomains/blacklist 1.0.1
@ensdomains/buffer 0.1.2
@ensdomains/ccip-read-cf-worker 0.0.4
@ensdomains/ccip-read-dns-gateway 0.1.1
@ensdomains/ccip-read-router 0.0.7
@ensdomains/ccip-read-worker-viem 0.0.4
@ensdomains/content-hash 3.0.1
@ensdomains/curvearithmetics 1.0.1
@ensdomains/cypress-metamask 1.2.1
@ensdomains/dnsprovejs 0.5.3
@ensdomains/dnssec-oracle-anchors 0.0.2
@ensdomains/dnssecoraclejs 0.2.9
@ensdomains/durin 0.1.2
@ensdomains/durin-middleware 0.0.2
@ensdomains/ens-archived-contracts 0.0.3
@ensdomains/ens-avatar 1.0.4
@ensdomains/ens-contracts 1.6.1
@ensdomains/ens-test-env 1.0.2
@ensdomains/ens-validation 0.1.1
@ensdomains/ensjs 4.0.3
@ensdomains/ensjs-react 0.0.5
@ensdomains/eth-ens-namehash 2.0.16
@ensdomains/hackathon-registrar 1.0.5
@ensdomains/hardhat-chai-matchers-viem 0.1.15
@ensdomains/hardhat-toolbox-viem-extended 0.0.6
@ensdomains/mock 2.1.52
@ensdomains/name-wrapper 1.0.1
@ensdomains/offchain-resolver-contracts 0.2.2
@ensdomains/op-resolver-contracts 0.0.2
@ensdomains/react-ens-address 0.0.32
@ensdomains/renewal 0.0.13
@ensdomains/renewal-widget 0.1.10
@ensdomains/reverse-records 1.0.1
@ensdomains/server-analytics 0.0.2
@ensdomains/solsha1 0.0.4
@ensdomains/subdomain-registrar 0.2.4
@ensdomains/test-utils 1.3.1
@ensdomains/thorin 0.6.51
@ensdomains/ui 3.4.6
@ensdomains/unicode-confusables 0.1.1
@ensdomains/unruggable-gateways 0.0.3
@ensdomains/vite-plugin-i18next-loader 4.0.4
@ensdomains/web3modal 1.10.2
@everreal/react-charts 2.0.2
@everreal/react-charts 2.0.1|2.0.2
@everreal/validate-esmoduleinterop-imports 1.4.5
@everreal/validate-esmoduleinterop-imports 1.4.4|1.4.5
@everreal/web-analytics 0.0.2
@everreal/web-analytics 0.0.1|0.0.2
@faq-component/core 0.0.4
@faq-component/react 1.0.1
@fishingbooker/browser-sync-plugin 1.0.5
@fishingbooker/react-loader 1.0.7
@fishingbooker/react-pagination 2.0.6
@fishingbooker/react-raty 2.0.1
@fishingbooker/react-swiper 0.1.5
@hapheus/n8n-nodes-pgp 1.5.1
@hover-design/core 0.0.1
@hover-design/react 0.2.1
@huntersofbook/auth-vue 0.4.2
@huntersofbook/core 0.5.1
@huntersofbook/core-nuxt 0.4.2
@huntersofbook/form-naiveui 0.5.1
@huntersofbook/i18n 0.8.2
@huntersofbook/ui 0.5.1
@hyperlook/telemetry-sdk 1.0.19
@ifelsedeveloper/protocol-contracts-svm-idl 0.1.2|0.1.3
@ifelsedeveloper/protocol-contracts-svm-idl 0.1.2
@ifings/design-system 4.9.2
@ifings/metatron3 0.1.5
@jayeshsadhwani/telemetry-sdk 1.0.14
@kvytech/cli 0.0.7
@kvytech/components 0.0.2
@kvytech/habbit-e2e-test 0.0.2
@kvytech/medusa-plugin-announcement 0.0.8
@kvytech/medusa-plugin-management 0.0.5
@kvytech/medusa-plugin-newsletter 0.0.5
@kvytech/medusa-plugin-product-reviews 0.0.9
@kvytech/medusa-plugin-promotion 0.0.2
@kvytech/web 0.0.2
@lessondesk/api-client 9.12.2|9.12.3
@lessondesk/api-client 9.12.3|9.12.2
@lessondesk/babel-preset 1.0.1
@lessondesk/electron-group-api-client 1.0.3
@lessondesk/eslint-config 1.4.2
@lessondesk/material-icons 1.0.3
@lessondesk/react-table-context 2.0.4
@lessondesk/schoolbus 5.2.2|5.2.3
@livecms/live-edit 0.0.32
@livecms/nuxt-live-edit 1.9.2
@louisle2/core 1.0.1
@louisle2/cortex-js 0.1.6
@lpdjs/firestore-repo-service 1.0.1
@lui-ui/lui-nuxt 0.1.1
@lui-ui/lui-tailwindcss 0.1.2
@lui-ui/lui-vue 1.0.13
@markvivanco/app-version-checker 1.0.2|1.0.1
@ntnx/passport-wso2 0.0.3
@ntnx/t 0.0.101
@oku-ui/accordion 0.6.2
@oku-ui/alert-dialog 0.6.2
@oku-ui/arrow 0.6.2
@oku-ui/aspect-ratio 0.6.2
@oku-ui/avatar 0.6.2
@oku-ui/checkbox 0.6.3
@oku-ui/collapsible 0.6.2
@oku-ui/collection 0.6.2
@oku-ui/dialog 0.6.2
@oku-ui/direction 0.6.2
@oku-ui/dismissable-layer 0.6.2
@oku-ui/focus-guards 0.6.2
@oku-ui/focus-scope 0.6.2
@oku-ui/hover-card 0.6.2
@oku-ui/label 0.6.2
@oku-ui/menu 0.6.2
@oku-ui/motion 0.4.4
@oku-ui/motion-nuxt 0.2.2
@oku-ui/popover 0.6.2
@oku-ui/popper 0.6.2
@oku-ui/portal 0.6.2
@oku-ui/presence 0.6.2
@oku-ui/primitive 0.6.2
@oku-ui/primitives 0.7.9
@oku-ui/primitives-nuxt 0.3.1
@oku-ui/progress 0.6.2
@oku-ui/provide 0.6.2
@oku-ui/radio-group 0.6.2
@oku-ui/roving-focus 0.6.2
@oku-ui/scroll-area 0.6.2
@oku-ui/separator 0.6.2
@oku-ui/slider 0.6.2
@oku-ui/slot 0.6.2
@oku-ui/switch 0.6.2
@oku-ui/tabs 0.6.2
@oku-ui/toast 0.6.2
@oku-ui/toggle 0.6.2
@oku-ui/toggle-group 0.6.2
@oku-ui/toolbar 0.6.2
@oku-ui/tooltip 0.6.2
@oku-ui/use-composable 0.6.2
@oku-ui/utils 0.6.2
@oku-ui/visually-hidden 0.6.2
@orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode 2.0.5
@orbitgtbelgium/mapbox-gl-draw-scale-rotate-mode 1.1.1
@orbitgtbelgium/orbit-components 1.2.9
@orbitgtbelgium/time-slider 1.0.187
@osmanekrem/bmad 1.0.6
@osmanekrem/error-handler 1.2.2
@pergel/cli 0.11.1
@pergel/module-box 0.6.1
@pergel/module-graphql 0.6.1
@pergel/module-ui 0.0.9
@pergel/nuxt 0.25.5
@posthog/agent 1.24.1
@posthog/ai 7.1.2
@posthog/cli 0.5.15
@posthog/clickhouse 1.7.1
@posthog/core 1.5.6
@posthog/hedgehog-mode 0.0.42
@posthog/icons 0.36.1
@posthog/lemon-ui 0.0.1
@posthog/nextjs-config 1.5.1
@posthog/nuxt 1.2.9
@posthog/piscina 3.2.1
@posthog/plugin-contrib 0.0.6
@posthog/react-rrweb-player 1.1.4
@posthog/rrdom 0.0.31
@posthog/rrweb 0.0.31
@posthog/rrweb-player 0.0.31
@posthog/rrweb-record 0.0.31
@posthog/rrweb-replay 0.0.19
@posthog/rrweb-snapshot 0.0.31
@posthog/rrweb-utils 0.0.31
@posthog/siphash 1.1.2
@posthog/wizard 1.18.1
@postman/aether-icons 2.23.4|2.23.3|2.23.2
@postman/csv-parse 4.0.5|4.0.3|4.0.4
@postman/node-keytar 7.9.6|7.9.4|7.9.5
@postman/tunnel-agent 0.6.7|0.6.6|0.6.5
@pradhumngautam/common-app 1.0.2
@productdevbook/animejs-vue 0.2.1
@productdevbook/auth 0.2.2
@productdevbook/chatwoot 2.0.1
@productdevbook/motion 1.0.4
@productdevbook/ts-i18n 1.4.2
@pruthvi21/use-debounce 1.0.3
@quick-start-soft/quick-document-translator 1.4.2511142126
@quick-start-soft/quick-git-clean-markdown 1.4.2511142126
@quick-start-soft/quick-markdown 1.4.2511142126
@quick-start-soft/quick-markdown-compose 1.4.2506300029
@quick-start-soft/quick-markdown-image 1.4.2511142126
@quick-start-soft/quick-markdown-print 1.4.2511142126
@quick-start-soft/quick-markdown-translator 1.4.2509202331
@quick-start-soft/quick-remove-image-background 1.4.2511142126
@quick-start-soft/quick-task-refine 1.4.2511142126
@relyt/claude-context-core 0.1.1
@sameepsi/sor 1.0.3
@sameepsi/sor2 2.0.2
@seezo/sdr-mcp-server 0.0.5
@seung-ju/next 0.0.2
@seung-ju/openapi-generator 0.0.4
@seung-ju/react-hooks 0.0.2
@seung-ju/react-native-action-sheet 0.2.1
@silgi/better-auth 0.8.1
@silgi/drizzle 0.8.4
@silgi/ecosystem 0.7.6
@silgi/graphql 0.7.15
@silgi/module-builder 0.8.8
@silgi/openapi 0.7.4
@silgi/permission 0.6.8
@silgi/ratelimit 0.2.1
@silgi/scalar 0.6.2
@silgi/yoga 0.7.1
@sme-ui/aoma-vevasound-metadata-lib 0.1.3
@strapbuild/react-native-date-time-picker 2.0.4
@strapbuild/react-native-perspective-image-cropper 0.4.15
@strapbuild/react-native-perspective-image-cropper-2 0.4.7
@strapbuild/react-native-perspective-image-cropper-poojan31 0.4.6
@suraj_h/medium-common 1.0.5
@thedelta/eslint-config 1.0.2
@tiaanduplessis/json 2.0.2|2.0.3
@tiaanduplessis/json 2.0.3|2.0.2
@tiaanduplessis/react-progressbar 1.0.1|1.0.2
@tiaanduplessis/react-progressbar 1.0.2|1.0.1
@trackstar/angular-trackstar-link 1.0.2
@trackstar/react-trackstar-link 2.0.21
@trackstar/react-trackstar-link-upgrade 1.1.10
@trackstar/test-angular-package 0.0.9
@trackstar/test-package 1.1.5
@trefox/sleekshop-js 0.1.6
@trigo/atrix 7.0.1
@trigo/atrix-elasticsearch 2.0.1
@trigo/atrix-postgres 1.0.3
@trigo/atrix-pubsub 4.0.3
@trigo/atrix-soap 1.0.2
@trigo/atrix-swagger 3.0.1
@trigo/bool-expressions 4.1.3
@trigo/eslint-config-trigo 3.3.1
@trigo/fsm 3.4.2
@trigo/hapi-auth-signedlink 1.3.1
@trigo/pathfinder-ui-css 0.1.1
@trigo/trigo-hapijs 5.0.1
@trpc-rate-limiter/cloudflare 0.1.4
@trpc-rate-limiter/hono 0.1.4
@varsityvibe/api-client 1.3.36|1.3.37
@varsityvibe/utils 5.0.6
@varsityvibe/validation-schemas 0.6.7|0.6.8
@viapip/eslint-config 0.2.4
@vishadtyagi/full-year-calendar 0.1.11
@voiceflow/alexa-types 2.15.61
@voiceflow/alexa-types 2.15.60|2.15.61
@voiceflow/anthropic 0.4.4|0.4.5
@voiceflow/api-sdk 3.28.59
@voiceflow/api-sdk 3.28.58|3.28.59
@voiceflow/backend-utils 5.0.1|5.0.2
@voiceflow/backend-utils 5.0.2|5.0.1
@voiceflow/base-types 2.136.2|2.136.3
@voiceflow/base-types 2.136.3|2.136.2
@voiceflow/body-parser 1.21.2|1.21.3
@voiceflow/chat-types 2.14.58|2.14.59
@voiceflow/chat-types 2.14.59|2.14.58
@voiceflow/circleci-config-sdk-orb-import 0.2.1|0.2.2
@voiceflow/commitlint-config 2.6.1
@voiceflow/commitlint-config 2.6.2|2.6.1
@voiceflow/common 8.9.1|8.9.2
@voiceflow/default-prompt-wrappers 1.7.3|1.7.4
@voiceflow/default-prompt-wrappers 1.7.4|1.7.3
@voiceflow/dependency-cruiser-config 1.8.11|1.8.12
@voiceflow/dependency-cruiser-config 1.8.12|1.8.11
@voiceflow/dtos-interact 1.40.1|1.40.2
@voiceflow/dtos-interact 1.40.2|1.40.1
@voiceflow/encryption 0.3.2|0.3.3
@voiceflow/encryption 0.3.3|0.3.2
@voiceflow/eslint-config 7.16.4|7.16.5
@voiceflow/eslint-plugin 1.6.1|1.6.2
@voiceflow/eslint-plugin 1.6.2|1.6.1
@voiceflow/exception 1.10.1|1.10.2
@voiceflow/exception 1.10.2|1.10.1
@voiceflow/fetch 1.11.1|1.11.2
@voiceflow/general-types 3.2.22|3.2.23
@voiceflow/general-types 3.2.23|3.2.22
@voiceflow/git-branch-check 1.4.3
@voiceflow/git-branch-check 1.4.4|1.4.3
@voiceflow/google-dfes-types 2.17.12|2.17.13
@voiceflow/google-types 2.21.13
@voiceflow/google-types 2.21.12|2.21.13
@voiceflow/husky-config 1.3.1
@voiceflow/husky-config 1.3.1|1.3.2
@voiceflow/logger 2.4.2|2.4.3
@voiceflow/logger 2.4.3|2.4.2
@voiceflow/metrics 1.5.1|1.5.2
@voiceflow/metrics 1.5.2|1.5.1
@voiceflow/natural-language-commander 0.5.2|0.5.3
@voiceflow/nestjs-common 2.75.2|2.75.3
@voiceflow/nestjs-mongodb 1.3.1|1.3.2
@voiceflow/nestjs-rate-limit 1.3.2|1.3.3
@voiceflow/nestjs-rate-limit 1.3.3|1.3.2
@voiceflow/nestjs-redis 1.3.1|1.3.2
@voiceflow/nestjs-timeout 1.3.1
@voiceflow/nestjs-timeout 1.3.1|1.3.2
@voiceflow/npm-package-json-lint-config 1.1.1
@voiceflow/npm-package-json-lint-config 1.1.1|1.1.2
@voiceflow/openai 3.2.2|3.2.3
@voiceflow/pino 6.11.3|6.11.4
@voiceflow/pino 6.11.4|6.11.3
@voiceflow/pino-pretty 4.4.1|4.4.2
@voiceflow/pino-pretty 4.4.2|4.4.1
@voiceflow/prettier-config 1.10.1
@voiceflow/prettier-config 1.10.2|1.10.1
@voiceflow/react-chat 1.65.4
@voiceflow/react-chat 1.65.4|1.65.3
@voiceflow/runtime 1.29.1|1.29.2
@voiceflow/runtime-client-js 1.17.2|1.17.3
@voiceflow/runtime-client-js 1.17.3|1.17.2
@voiceflow/sdk-runtime 1.43.1|1.43.2
@voiceflow/sdk-runtime 1.43.2|1.43.1
@voiceflow/secrets-provider 1.9.2
@voiceflow/secrets-provider 1.9.3|1.9.2
@voiceflow/semantic-release-config 1.4.1
@voiceflow/semantic-release-config 1.4.2|1.4.1
@voiceflow/serverless-plugin-typescript 2.1.7|2.1.8
@voiceflow/slate-serializer 1.7.3|1.7.4
@voiceflow/slate-serializer 1.7.4|1.7.3
@voiceflow/stitches-react 2.3.2|2.3.3
@voiceflow/stitches-react 2.3.3|2.3.2
@voiceflow/storybook-config 1.2.2|1.2.3
@voiceflow/stylelint-config 1.1.1
@voiceflow/stylelint-config 1.1.1|1.1.2
@voiceflow/test-common 2.1.1|2.1.2
@voiceflow/tsconfig 1.12.1
@voiceflow/tsconfig 1.12.2|1.12.1
@voiceflow/tsconfig-paths 1.1.4|1.1.5
@voiceflow/tsconfig-paths 1.1.5|1.1.4
@voiceflow/utils-designer 1.74.20
@voiceflow/utils-designer 1.74.19|1.74.20
@voiceflow/verror 1.1.4
@voiceflow/verror 1.1.5|1.1.4
@voiceflow/vite-config 2.6.2|2.6.3
@voiceflow/vitest-config 1.10.2|1.10.3
@voiceflow/vitest-config 1.10.3|1.10.2
@voiceflow/voice-types 2.10.58|2.10.59
@voiceflow/voice-types 2.10.59|2.10.58
@voiceflow/voiceflow-types 3.32.45|3.32.46
@voiceflow/widget 1.7.18|1.7.19
@vucod/email 0.0.3
@zapier/ai-actions 0.1.20|0.1.19|0.1.18
@zapier/babel-preset-zapier 6.4.2|6.4.1|6.4.3
@zapier/browserslist-config-zapier 1.0.4|1.0.3|1.0.5
@zapier/secret-scrubber 1.1.5|1.1.4|1.1.3
02-echo 0.0.7
ai-crowl-shield 1.0.7
arc-cli-fc 1.0.1
asciitranslator 1.0.3
asyncapi-preview 1.0.2|1.0.1
atrix 1.0.1
automation_model 1.0.491
avvvatars-vue 1.1.2
axios-builder 1.2.1
axios-cancelable 1.0.1|1.0.2
axios-cancelable 1.0.2|1.0.1
axios-timed 1.0.1|1.0.2
axios-timed 1.0.2|1.0.1
barebones-css 1.1.3|1.1.4
barebones-css 1.1.4|1.1.3
benmostyn-frame-print 1.0.1
best_gpio_controller 1.0.10
bestgpiocontroller 1.0.10
better-auth-nuxt 0.0.10
bidirectional-adapter 1.2.2|1.2.3|1.2.4
bidirectional-adapter 1.2.2|1.2.4|1.2.5|1.2.3
blinqio-executions-cli 1.0.41
blob-to-base64 1.0.3
buffered-interpolation-babylon6 0.2.8
bun-plugin-httpfile 0.1.1
bytecode-checker-cli 1.0.11|1.0.8|1.0.9|1.0.10
bytes-to-x 1.0.1
calc-loan-interest 1.0.4
capacitor-plugin-apptrackingios 0.0.21
capacitor-plugin-purchase 0.1.1
capacitor-plugin-scgssigninwithgoogle 0.0.5
capacitor-purchase-history 0.0.10
capacitor-voice-recorder-wav 6.0.3
ceviz 0.0.5
chrome-extension-downloads 0.0.3|0.0.4
claude-token-updater 1.0.3
coinmarketcap-api 3.1.2|3.1.3
coinmarketcap-api 3.1.3|3.1.2
colors-regex 2.0.1
command-irail 0.5.4
compare-obj 1.1.1|1.1.2
composite-reducer 1.0.2|1.0.3|1.0.4|1.0.5
composite-reducer 1.0.4|1.0.3|1.0.2|1.0.5
count-it-down 1.0.1|1.0.2
count-it-down 1.0.2|1.0.1
cpu-instructions 0.0.14
create-director-app 0.1.1
create-glee-app 0.2.3|0.2.2
create-hardhat3-app 1.1.4|1.1.3|1.1.1|1.1.2
create-silgi 0.3.1
crypto-addr-codec 0.1.9
css-dedoupe 0.1.2
csv-tool-cli 1.2.1
dashboard-empty-state 1.0.3
designstudiouiux 1.0.1
devstart-cli 1.0.6
dialogflow-es 1.1.4|1.1.3|1.1.1|1.1.2
discord-bot-server 0.1.2
docusaurus-plugin-vanilla-extract 1.0.3
dont-go 1.1.2
dotnet-template 0.0.3|0.0.4
drop-events-on-property-plugin 0.0.2
easypanel-sdk 0.3.2
email-deliverability-tester 1.1.1
enforce-branch-name 1.1.3
esbuild-plugin-brotli 0.2.1
esbuild-plugin-eta 0.1.1
esbuild-plugin-httpfile 0.4.1
eslint-config-nitpicky 4.0.1
eslint-config-trigo 22.0.2
eslint-config-zeallat-base 1.0.4
ethereum-ens 0.8.1
evm-checkcode-cli 1.0.15|1.0.12|1.0.13|1.0.14
exact-ticker 0.3.5
expo-audio-session 0.2.1
expo-router-on-rails 0.0.4
express-starter-template 1.0.10
expressos 1.1.3
fat-fingered 1.0.1|1.0.2
fat-fingered 1.0.2|1.0.1
feature-flip 1.0.1|1.0.2
feature-flip 1.0.2|1.0.1
firestore-search-engine 1.2.3
fittxt 1.0.2|1.0.3
fittxt 1.0.3|1.0.2
flapstacks 1.0.1|1.0.2
flapstacks 1.0.2|1.0.1
flatten-unflatten 1.0.1|1.0.2
flatten-unflatten 1.0.2|1.0.1
formik-error-focus 2.0.1
formik-store 1.0.1
frontity-starter-theme 1.0.1
fuzzy-finder 1.0.5|1.0.6
gate-evm-check-code2 2.0.3|2.0.4|2.0.5|2.0.6
gate-evm-tools-test 1.0.7|1.0.8|1.0.5|1.0.6
gatsby-plugin-antd 2.2.1
gatsby-plugin-cname 1.0.1|1.0.2
gatsby-plugin-cname 1.0.2|1.0.1
generator-meteor-stock 0.1.6
generator-ng-itobuz 0.0.15
get-them-args 1.3.3
github-action-for-generator 2.1.28
github-action-for-generator 2.1.28|2.1.27
gitsafe 1.0.5
go-template 0.1.8|0.1.9
gulp-inject-envs 1.2.1|1.2.2
gulp-inject-envs 1.2.2|1.2.1
haufe-axera-api-client 0.0.2
haufe-axera-api-client 0.0.1|0.0.2
hope-mapboxdraw 0.1.1
hopedraw 1.0.3
hover-design-prototype 0.0.5
httpness 1.0.2|1.0.3
httpness 1.0.3|1.0.2
hyper-fullfacing 1.0.3
hyperterm-hipster 1.0.7
ids-css 1.5.1
ids-enterprise-mcp-server 0.0.2
ids-enterprise-ng 20.1.6
ids-enterprise-typings 20.1.6
image-to-uri 1.0.1|1.0.2
image-to-uri 1.0.2|1.0.1
insomnia-plugin-random-pick 1.0.4
invo 0.2.2
iron-shield-miniapp 0.0.2
ito-button 8.0.3
itobuz-angular 0.0.1
itobuz-angular-auth 8.0.11
itobuz-angular-button 8.0.11
jacob-zuma 1.0.1|1.0.2
jacob-zuma 1.0.2|1.0.1
jaetut-varit-test 1.0.2
jan-browser 0.13.1
jquery-bindings 1.1.2|1.1.3
jquery-bindings 1.1.3|1.1.2
jsonsurge 1.0.7
just-toasty 1.7.1
kill-port 2.0.2|2.0.3
kill-port 2.0.3|2.0.2
kinetix-default-token-list 1.0.5
kns-error-code 1.0.8
korea-administrative-area-geo-json-util 1.0.7
kwami 1.5.9|1.5.10
lang-codes 1.0.1|1.0.2
lang-codes 1.0.2|1.0.1
license-o-matic 1.2.1|1.2.2
license-o-matic 1.2.2|1.2.1
lint-staged-imagemin 1.3.1|1.3.2
lite-serper-mcp-server 0.2.2
lui-vue-test 0.70.9
luno-api 1.2.3
m25-transaction-utils 1.1.16
manual-billing-system-miniapp-api 1.3.1
medusa-plugin-announcement 0.0.3
medusa-plugin-logs 0.0.17
medusa-plugin-momo 0.0.68
medusa-plugin-product-reviews-kvy 0.0.4
medusa-plugin-zalopay 0.0.40
mod10-check-digit 1.0.1
mon-package-react-typescript 1.0.1
my-saeed-lib 0.1.1
n8n-nodes-tmdb 0.5.1
n8n-nodes-vercel-ai-sdk 0.1.7
n8n-nodes-viral-app 0.2.5
nanoreset 7.0.1|7.0.2
nanoreset 7.0.2|7.0.1
next-circular-dependency 1.0.2|1.0.3
next-circular-dependency 1.0.3|1.0.2
next-simple-google-analytics 1.1.1|1.1.2
next-styled-nprogress 1.0.4|1.0.5
ngx-useful-swiper-prosenjit 9.0.2
ngx-wooapi 12.0.1
nitro-graphql 1.5.12
nitro-kutu 0.1.1
nitrodeploy 1.0.8
nitroping 0.1.1
normal-store 1.3.1|1.3.2|1.3.3
normal-store 1.3.1|1.3.4|1.3.3|1.3.2
nuxt-keycloak 0.2.2
obj-to-css 1.0.2|1.0.3
obj-to-css 1.0.3|1.0.2
okta-react-router-6 5.0.1
open2internet 0.1.1
orbit-boxicons 2.1.3
orbit-nebula-draw-tools 1.0.10
orbit-nebula-editor 1.0.2
orbit-soap 0.43.13
orchestrix 12.1.2
package-tester 1.0.1
parcel-plugin-asset-copier 1.1.2|1.1.3
parcel-plugin-asset-copier 1.1.3|1.1.2
pdf-annotation 0.0.2
pergel 0.13.2
pergeltest 0.0.25
piclite 1.0.1
pico-uid 1.0.3|1.0.4
pico-uid 1.0.4|1.0.3
pkg-readme 1.1.1
poper-react-sdk 0.1.2
posthog-docusaurus 2.0.6
posthog-js 1.297.3
posthog-node 4.18.1|5.13.3|5.11.3
posthog-plugin-hello-world 1.0.1
posthog-react-native 4.11.1|4.12.5
posthog-react-native-session-replay 1.2.2
prime-one-table 0.0.19
prompt-eng 1.0.50
puny-req 1.0.3
quickswap-ads-list 1.0.33
quickswap-default-staking-list 1.0.11
quickswap-default-staking-list-address 1.0.55
quickswap-router-sdk 1.0.1
quickswap-sdk 3.0.44
quickswap-smart-order-router 1.0.1
quickswap-token-lists 1.0.3
quickswap-v2-sdk 2.0.1
ra-auth-firebase 1.0.3
ra-data-firebase 1.0.8|1.0.7
react-component-taggers 0.1.9
react-data-to-export 1.0.1
react-element-prompt-inspector 0.1.18
react-favic 1.0.2
react-hook-form-persist 3.0.1|3.0.2
react-hook-form-persist 3.0.2|3.0.1
react-jam-icons 1.0.1|1.0.2
react-jam-icons 1.0.2|1.0.1
react-keycloak-context 1.0.8|1.0.9
react-library-setup 0.0.6
react-linear-loader 1.0.2
react-micromodal.js 1.0.1|1.0.2
react-micromodal.js 1.0.2|1.0.1
react-native-datepicker-modal 1.3.1|1.3.2
react-native-email 2.1.1|2.1.2
react-native-fetch 2.0.1|2.0.2
react-native-get-pixel-dimensions 1.0.1|1.0.2
react-native-get-pixel-dimensions 1.0.2|1.0.1
react-native-google-maps-directions 2.1.2
react-native-jam-icons 1.0.1|1.0.2
react-native-jam-icons 1.0.2|1.0.1
react-native-log-level 1.2.1|1.2.2
react-native-log-level 1.2.2|1.2.1
react-native-modest-checkbox 3.3.1
react-native-modest-storage 2.1.1
react-native-phone-call 1.2.1|1.2.2
react-native-phone-call 1.2.2|1.2.1
react-native-retriable-fetch 2.0.1|2.0.2
react-native-use-modal 1.0.3
react-native-view-finder 1.2.1|1.2.2
react-native-view-finder 1.2.2|1.2.1
react-native-websocket 1.0.3|1.0.4
react-native-websocket 1.0.4|1.0.3
react-native-worklet-functions 3.3.3
react-packery-component 1.0.3
react-qr-image 1.1.1
react-scrambled-text 1.0.4
rediff 1.0.5
rediff-viewer 0.0.7
redux-router-kit 1.2.2|1.2.4|1.2.3
revenuecat 1.0.1
rollup-plugin-httpfile 0.2.1
sa-company-registration-number-regex 1.0.1|1.0.2
sa-company-registration-number-regex 1.0.2|1.0.1
sa-id-gen 1.0.4|1.0.5
samesame 1.0.3
scgs-capacitor-subscribe 1.0.11
scgsffcreator 1.0.5
schob 1.0.3
set-nested-prop 2.0.1|2.0.2
shelf-jwt-sessions 0.1.2
shell-exec 1.1.3|1.1.4
shell-exec 1.1.4|1.1.3
shinhan-limit-scrap 1.0.3
silgi 0.43.30
simplejsonform 1.0.1
skills-use 0.1.2|0.1.1
solomon-api-stories 1.0.2
solomon-v3-stories 1.15.6
solomon-v3-ui-wrapper 1.6.1
soneium-acs 1.0.1
sort-by-distance 2.0.1
south-african-id-info 1.0.2
stat-fns 1.0.1
stoor 2.3.2
sufetch 0.4.1
super-commit 1.0.1
svelte-autocomplete-select 1.1.1
svelte-toasty 1.1.2|1.1.3
svelte-toasty 1.1.3|1.1.2
tanstack-shadcn-table 1.1.5
tavily-module 1.0.1
tcsp 2.0.2
tcsp-draw-test 1.0.5
tcsp-test-vd 2.4.4
template-lib 1.1.3|1.1.4
template-lib 1.1.4|1.1.3
template-micro-service 1.0.2|1.0.3
template-micro-service 1.0.3|1.0.2
tenacious-fetch 2.3.2|2.3.3
tenacious-fetch 2.3.3|2.3.2
test-foundry-app 1.0.4|1.0.3|1.0.2|1.0.1
test-hardhat-app 1.0.4|1.0.3|1.0.2|1.0.1
test23112222-api 1.0.1
tiaan 1.0.2
tiptap-shadcn-vue 0.2.1
token.js-fork 0.7.32
toonfetch 0.3.2
trigo-react-app 4.1.2
ts-relay-cursor-paging 2.1.1
typeface-antonio-complete 1.0.5
typefence 1.2.2|1.2.3
typeorm-orbit 0.2.27
unadapter 0.1.3
undefsafe-typed 1.0.4
undefsafe-typed 1.0.4|1.0.3
unemail 0.3.1
uniswap-router-sdk 1.6.2
uniswap-smart-order-router 3.16.26
uniswap-test-sdk-core 4.0.8
unsearch 0.0.3
uplandui 0.5.4
upload-to-play-store 1.0.1|1.0.2
upload-to-play-store 1.0.2|1.0.1
url-encode-decode 1.0.1|1.0.2
url-encode-decode 1.0.2|1.0.1
use-unsaved-changes 1.0.9
v-plausible 1.2.1
valid-south-african-id 1.0.3
valuedex-sdk 3.0.5
vf-oss-template 1.0.4|1.0.3|1.0.2|1.0.1
victoria-wallet-constants 0.1.1
victoria-wallet-core 0.1.1
victoria-wallet-type 0.1.1
victoria-wallet-utils 0.1.1
victoria-wallet-validator 0.1.1
victoriaxoaquyet-wallet-core 0.2.1
vite-plugin-httpfile 0.2.1
vue-browserupdate-nuxt 1.0.5
wallet-evm 0.3.1
wallet-type 0.1.1
web-scraper-mcp 1.1.4
web-types-htmx 0.1.1
web-types-lit 0.1.1
webpack-loader-httpfile 0.2.1
wellness-expert-ng-gallery 5.1.1
wenk 1.0.9|1.0.10
zapier-async-storage 1.0.3|1.0.2|1.0.1
zapier-platform-cli 18.0.4|18.0.3|18.0.2
zapier-platform-core 18.0.4|18.0.3|18.0.2
zapier-platform-schema 18.0.4|18.0.3|18.0.2
zapier-scripts 7.8.3|7.8.4
zuper-cli 1.0.1
zuper-sdk 1.0.57
zuper-stream 2.0.9

More information from the world

Shai-Hulud 2.0: What executives need to know about the supply-chain worm (Nov 24, 2025)

Leave a Reply