The JavaScript community is grappling with a new software supply-chain attack: a malware dubbed Shai-Hulud has poisoned hundreds of packages in the npm registry. This malicious campaign – referred to by its authors as “Sha1-Hulud: The Second Coming” – exceeds the scale of the worm’s first appearance in September 2025. Over the span of a…
