Skip to main content

Cve/mini Shai Hulud

@swamp/cve/mini-shai-huludv2026.06.04.2· 1mo agoMODELSREPORTS
01README

Scans deno.lock and package-lock.json files for npm packages compromised in the May 2026 "Mini Shai-Hulud" supply chain attack (317 packages hijacked via the atool npm account).

The payload features credential harvesting, dual exfiltration channels, and persistence mechanisms targeting AI agents and CI/CD systems. High-impact packages include size-sensor (4.2M downloads/month), echarts-for-react (3.8M), @antv/scale (2.2M), and timeago.js (1.15M).

Quick Start

swamp model @swamp/cve/mini-shai-hulud method run scan lockfile-check \
  --input lockfilePath=./deno.lock

Methods

  • scan — scan a deno.lock or package-lock.json and report each package as clean or COMPROMISED (pass lockfilePath via --input)

What It Checks

All 317 packages and their known malicious versions from the SafeDep advisory. The compromised version list is embedded — no network calls required.

Source: https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/

02Models1
mini_shai_hulud_detect.tsv2026.06.04.2
fn scan()
Scan a deno.lock or package-lock.json for packages compromised in the May 2026 Mini Shai-Hulud npm supply chain attack
03Reports1
@swamp/cve/mini-shai-hulud-reportmethod
mini_shai_hulud_scan_report.ts

Reports on Mini Shai-Hulud npm supply chain scan results

securitysupply-chain
04Previous Versions2
2026.06.04.1Jun 3, 2026
2026.05.19.1May 19, 2026
05Stats
A
100 / 100
Downloads
10
Archive size
16.6 KB
Verified by Swamp
  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types (deprecated)1/1earned
  • Dependencies pass trust audit2/2earned
  • Has description1/1earned
  • Platform support declared (or universal)2/2earned
  • License declared1/1earned
  • Verified public repository2/2earned
06Platforms
07Labels