SHA1-Hulud

Shai-Hulud npm Worm Exposes 25,000+ GitHub Repos Through Trojanized Packages

The new variant executes during npm's preinstall stage to harvest developer and CI/CD credentials.