OreNPMGuard v2.0.0 – OSS for Shai-Hulud 2.0 NPM supply chain attack

1 points by ahsansmir 3 hours ago

Shai-Hulud 2.0 emerged in November 2025, compromising 738 npm packages and affecting 25,000+ repositories. This is an evolution of the September 2025 attack with new attack vectors:

- Uses `preinstall` hooks (executes earlier than `postinstall`)
- Creates malicious GitHub workflows with self-hosted runners
- Attempts Docker privilege escalation
- Targets multi-cloud credentials

OreNPMGuard v2.0.0 detects both the original and 2.0 variants, scanning for:

- 1,291 unique compromised package@version combinations
- Malicious hooks, payload files, GitHub workflows
- Docker privilege escalation patterns
- All known IoCs

Available in Python and Node.js, with GitHub Actions integration.

GitHub: https://github.com/rapticore/OreNPMGuard

Threat research: https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack

If you've installed any affected packages, rotate your credentials immediately.
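
The two checks the post describes (matching installed package@version pairs against a list, and flagging install-time hooks) can be sketched as follows. This is an added example, not OreNPMGuard's code and not part of the original post; it assumes a `package-lock.json` with lockfileVersion 2 or 3, and every package name, version and command in it is a constructed placeholder.

```javascript
// Added example. Inputs are the parsed JSON of package-lock.json / package.json.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];

// Lockfile v2/v3 keys are install paths; the package name follows the last
// "node_modules/": "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromLockKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// denylist: Set of "name@version" strings taken from a published IoC list.
function scanLockfile(lock, denylist) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // root project entry, not a dependency
    const name = entry.name || nameFromLockKey(key); // entry.name is set for aliases
    const id = `${name}@${entry.version}`;
    if (denylist.has(id)) {
      findings.push({ type: "compromised-version", id, path: key });
    } else if (entry.hasInstallScript) {
      // npm sets this flag when the package declares install-time scripts;
      // not malicious by itself, but worth reviewing.
      findings.push({ type: "install-script", id, path: key });
    }
  }
  return findings;
}

// manifest: parsed package.json of an installed dependency.
function lifecycleHooks(manifest) {
  const scripts = manifest.scripts || {};
  return LIFECYCLE_HOOKS.filter((h) => typeof scripts[h] === "string")
    .map((h) => ({ hook: h, command: scripts[h] }));
}

// Constructed sample data (placeholder names, not real IoCs).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-bad-pkg": { version: "1.2.3", hasInstallScript: true },
  "node_modules/left/node_modules/@example/nested": { version: "0.4.0" },
  "node_modules/native-addon-example": { version: "2.0.0", hasInstallScript: true },
} };
const sampleDenylist = new Set(["example-bad-pkg@1.2.3", "@example/nested@0.4.0"]);
const sampleManifest = { name: "example-bad-pkg", version: "1.2.3",
  scripts: { preinstall: "node placeholder.js", test: "echo ok" } };

console.log(scanLockfile(sampleLock, sampleDenylist));
console.log(lifecycleHooks(sampleManifest));
```

Matching against the lockfile rather than the top-level `package.json` also catches transitive and nested dependencies, which is where an exact package@version match matters.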