Shai-Hulud compromised a dev machine and raided GitHub org access: a post-mortem


On November 25th, one of our engineers was compromised by the Shai-Hulud npm supply chain worm. Here's what happened, how we responded, and what we've changed.
