Nov 24, 2025 at 1:06 PM EST

OreNPMGuard v2.0.0 – OSS for Shai-Hulud 2.0 NPM supply chain attack

1 points

0 comments

Mood

informative

Sentiment

negative

Category

security

Key topics

Supply Chain Attack

Npm

Security

Open Source Software

Shai-Hulud 2.0 emerged in November 2025, compromising 738 npm packages and affecting 25,000+ repositories. This is an evolution of the September 2025 attack with new attack vectors:

- Uses `preinstall` hooks (executes earlier than `postinstall`) - Creates malicious GitHub workflows with self-hosted runners - Attempts Docker privilege escalation - Targets multi-cloud credentials

OreNPMGuard v2.0.0 detects both the original and 2.0 variants, scanning for: - 1,291 unique compromised package@version combinations - Malicious hooks, payload files, GitHub workflows - Docker privilege escalation patterns - All known IoCs

Available in Python and Node.js, with GitHub Actions integration.

GitHub: https://github.com/rapticore/OreNPMGuard Threat research: https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack

If you've installed any affected packages, rotate your credentials immediately.

Discussion Activity

No activity data yet

We're still syncing comments from Hacker News.

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (0 comments)

Discussion hasn't started yet.

ID: 46037041Type: storyLast synced: 11/24/2025, 6:08:09 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.