Zero-Day Vulnerability Alert

This page provides the complete list of npm packages impacted by the Shai-Hulud supply chain attack – Sep 2025, which involved the publication of malicious package versions containing code designed to harvest developer tokens and exfiltrate secrets.

You can use this list to identify compromised versions and take remediation actions.

For more details, please view our public blog post: “Zero-day Extensive NPM Package Compromise – Shai-Hulud Supply Chain Attack.”

Packages affected by zero-day vulnerabilities

Showing 30 of 200 • Page 1 of 7

- C
Embedded Malicious Code in @ahmedhfarag/ngx-perfect-scrollbar (npm)
Versions: 20.0.20
- C
Embedded Malicious Code in @ahmedhfarag/ngx-virtual-scroller (npm)
Versions: 4.0.4
- C
Embedded Malicious Code in @art-ws/common (npm)
Versions: 2.0.22, 2.0.27, 2.0.28
- C
Embedded Malicious Code in @art-ws/config-eslint (npm)
Versions: 2.0.4, 2.0.5
- C
Embedded Malicious Code in @art-ws/config-ts (npm)
Versions: 2.0.7, 2.0.8
- C
Embedded Malicious Code in @art-ws/db-context (npm)
Versions: 2.0.21, 2.0.23, 2.0.24
- C
Embedded Malicious Code in @art-ws/di (npm)
Versions: 2.0.28, 2.0.32
- C
Embedded Malicious Code in @art-ws/di-node (npm)
Versions: 2.0.13
- C
Embedded Malicious Code in @art-ws/eslint (npm)
Versions: 1.0.5, 1.0.6
- C
Embedded Malicious Code in @art-ws/fastify-http-server (npm)
Versions: 2.0.24, 2.0.26, 2.0.27
- C
Embedded Malicious Code in @art-ws/http-server (npm)
Versions: 2.0.21, 2.0.24, 2.0.25
- C
Embedded Malicious Code in @art-ws/openapi (npm)
Versions: 0.1.9, 0.1.11, 0.1.12
- C
Embedded Malicious Code in @art-ws/package-base (npm)
Versions: 1.0.5, 1.0.6
- C
Embedded Malicious Code in @art-ws/prettier (npm)
Versions: 1.0.5, 1.0.6
- C
Embedded Malicious Code in @art-ws/slf (npm)
Versions: 2.0.15, 2.0.22
- C
Embedded Malicious Code in @art-ws/ssl-info (npm)
Versions: 1.0.9, 1.0.10
- C
Embedded Malicious Code in @art-ws/web-app (npm)
Versions: 1.0.3, 1.0.4
- C
Embedded Malicious Code in @basic-ui-components-stc/basic-ui-components (npm)
Versions: 1.0.5
- C
Embedded Malicious Code in @crowdstrike/commitlint (npm)
Versions: 8.1.1, 8.1.2
- C
Embedded Malicious Code in @crowdstrike/falcon-shoelace (npm)
Versions: 0.4.1, 0.4.2
- C
Embedded Malicious Code in @crowdstrike/foundry-js (npm)
Versions: 0.19.1, 0.19.2
- C
Embedded Malicious Code in @crowdstrike/glide-core (npm)
Versions: 0.34.2, 0.34.3
- C
Embedded Malicious Code in @crowdstrike/logscale-dashboard (npm)
Versions: 1.205.1, 1.205.2
- C
Embedded Malicious Code in @crowdstrike/logscale-file-editor (npm)
Versions: 1.205.1, 1.205.2
- C
Embedded Malicious Code in @crowdstrike/logscale-parser-edit (npm)
Versions: 1.205.1, 1.205.2
- C
Embedded Malicious Code in @crowdstrike/logscale-search (npm)
Versions: 1.205.1, 1.205.2
- C
Embedded Malicious Code in @crowdstrike/tailwind-toucan-base (npm)
Versions: 5.0.1, 5.0.2
- C
Embedded Malicious Code in @ctrl/deluge (npm)
Versions: 7.2.1, 7.2.2
- C
Embedded Malicious Code in @ctrl/golang-template (npm)
Versions: 1.4.2, 1.4.3
- C
Embedded Malicious Code in @ctrl/magnet-link (npm)
Versions: 4.0.3, 4.0.4

Page 1 of 7