Cve/mini Shai Hulud
@swamp/cve/mini-shai-huludv2026.06.04.2
01README
Scans deno.lock and package-lock.json files for npm packages compromised
in the May 2026 "Mini Shai-Hulud" supply chain attack (317 packages
hijacked via the atool npm account).
The payload features credential harvesting, dual exfiltration channels, and persistence mechanisms targeting AI agents and CI/CD systems. High-impact packages include size-sensor (4.2M downloads/month), echarts-for-react (3.8M), @antv/scale (2.2M), and timeago.js (1.15M).
Quick Start
swamp model @swamp/cve/mini-shai-hulud method run scan lockfile-check \
--input lockfilePath=./deno.lockMethods
scan— scan a deno.lock or package-lock.json and report each package as clean or COMPROMISED (pass lockfilePath via --input)
What It Checks
All 317 packages and their known malicious versions from the SafeDep advisory. The compromised version list is embedded — no network calls required.
Source: https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/
02Models
mini_shai_hulud_detect.tsv2026.06.04.2
fn scan()
Scan a deno.lock or package-lock.json for packages compromised in the May 2026 Mini Shai-Hulud npm supply chain attack
03Reports
@swamp/cve/mini-shai-hulud-reportmethod
mini_shai_hulud_scan_report.ts
Reports on Mini Shai-Hulud npm supply chain scan results
securitysupply-chain
04Previous Versions
2026.06.04.1Jun 3, 2026
2026.05.19.1May 19, 2026
05Stats
A
100 / 100
Downloads
10
Archive size
16.6 KB
Verified by Swamp
- Has README or module doc2/2earned
- README has a code example1/1earned
- README is substantive1/1earned
- Most symbols documented1/1earned
- No slow types (deprecated)1/1earned
- Dependencies pass trust audit2/2earned
- Has description1/1earned
- Platform support declared (or universal)2/2earned
- License declared1/1earned
- Verified public repository2/2earned
06Platforms
07Labels