Live Updates: Shai-Hulud, the Most Dangerous Npm Breach in History
Posted4 months agoActive4 months ago
koi.securityTechstory
calmnegative
Debate
20/100
NpmSupply Chain AttackSecurity
Key topics
Npm
Supply Chain Attack
Security
A major NPM breach, dubbed 'Shai-hulud', is being discussed on HN, with users sharing updates and concerns about the potential impact on package maintainers and the security community.
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
20m
Peak period
3
0-1h
Avg / period
3
Key moments
- 01Story posted
Sep 16, 2025 at 2:26 PM EDT
4 months ago
Step 01 - 02First comment
Sep 16, 2025 at 2:46 PM EDT
20m after posting
Step 02 - 03Peak activity
3 comments in 0-1h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 16, 2025 at 3:09 PM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Discussion (3 comments)
Showing 3 comments
btown
4 months ago
1 replyLarger discussion thread here: https://news.ycombinator.com/item?id=45260741
293984j29384
4 months ago
I scanned this discussion looking for a way to tell if you've been compromised but nothing jumped out.
bikeshaving
4 months ago
If you’re a package maintainer, please defensively revoke all NPM and GitHub tokens. This is a worm which is still spreading and you probably don’t want to publish anything today anyways, so you might as well use this incident as an opportunity to rotate everything.
View full discussion on Hacker News
ID: 45265937Type: storyLast synced: 11/20/2025, 5:28:51 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.