Cve/mini Shai Hulud
@swamp/cve/mini-shai-hulud v2026.05.19.1
01 README
Scans deno.lock and package-lock.json files for npm packages compromised
in the May 2026 "Mini Shai-Hulud" supply chain attack (317 packages
hijacked via the atool npm account).
The payload features credential harvesting, dual exfiltration channels, and persistence mechanisms targeting AI agents and CI/CD systems. High-impact packages include size-sensor (4.2M downloads/month), echarts-for-react (3.8M), @antv/scale (2.2M), and timeago.js (1.15M).
Quick Start
swamp model @swamp/cve/mini-shai-hulud method run scan lockfile-check \
  --input lockfilePath=./deno.lock
Methods
scan — scan a deno.lock or package-lock.json and report each package as clean or COMPROMISED (pass lockfilePath via --input)
What It Checks
All 317 packages and their known malicious versions from the SafeDep advisory. The compromised version list is embedded — no network calls required.
Source: https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/
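To show what a lockfile-check of this kind does, here is an added example (not the model's own code): it pulls the npm entries out of a deno.lock (v3 or v4) or a package-lock.json (lockfileVersion 2/3) and flags any name@version pair found in an embedded list. COMPROMISED and the two sample lockfiles are constructed placeholder data with invented versions; the real version list is the one in the SafeDep advisory linked above.

```typescript
// Added example, not the model's own code. Embedded list = constructed placeholder
// data (package names from the advisory, versions invented); the real list is in the
// SafeDep advisory. Handles deno.lock v3/v4 npm keys and package-lock.json v2/v3.
type Finding = { name: string; version: string; compromised: boolean };

const COMPROMISED: { [name: string]: string[] } = {
  "size-sensor": ["9.9.9"],            // constructed, not real advisory versions
  "@antv/scale": ["9.9.9", "9.9.10"],
};

// deno.lock npm key "name@version[_peer@ver...]" -> [name, version].
// indexOf("@", 1) skips the leading "@" of scoped names such as "@antv/scale@1.2.3".
function splitSpec(spec: string): [string, string] {
  const at = spec.indexOf("@", 1);
  return [spec.slice(0, at), spec.slice(at + 1).split("_")[0]];
}

function entriesFromDenoLock(lock: any): [string, string][] {
  const npm = lock.npm || (lock.packages && lock.packages.npm) || {}; // v4 top-level, v3 nested
  return Object.keys(npm).map(splitSpec);
}

function entriesFromPackageLock(lock: any): [string, string][] {
  const out: [string, string][] = [];
  for (const [path, entry] of Object.entries<any>(lock.packages || {})) {
    if (path === "") continue;                       // root project, not a dependency
    const idx = path.lastIndexOf("node_modules/");   // nested installs: keep last segment
    if (idx < 0 || !entry.version) continue;
    out.push([path.slice(idx + "node_modules/".length), entry.version]);
  }
  return out;
}

// Detects the format from the parsed JSON and reports every package as clean/compromised.
function scanLockfile(text: string): Finding[] {
  const lock = JSON.parse(text);
  const entries = lock.lockfileVersion !== undefined
    ? entriesFromPackageLock(lock) : entriesFromDenoLock(lock);
  return entries.map(([name, version]) => ({
    name, version, compromised: (COMPROMISED[name] || []).indexOf(version) >= 0,
  }));
}

// Constructed sample lockfiles: one hit per file, the rest should report clean.
const DENO_LOCK = JSON.stringify({ version: "4",
  npm: { "size-sensor@9.9.9": {}, "timeago.js@0.0.1_dayjs@0.0.2": {} } });
const NPM_LOCK = JSON.stringify({ lockfileVersion: 3, packages: { "": { name: "app" },
  "node_modules/echarts-for-react": { version: "0.0.3" },
  "node_modules/echarts-for-react/node_modules/@antv/scale": { version: "9.9.10" } } });

for (const f of [...scanLockfile(DENO_LOCK), ...scanLockfile(NPM_LOCK)]) {
  console.log(`${f.compromised ? "COMPROMISED" : "clean      "} ${f.name}@${f.version}`);
}
```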
02 Models
@swamp/cve/mini-shai-hulud v2026.05.19.1
mini_shai_hulud_detect.ts
fn scan()
Scan a deno.lock or package-lock.json for packages compromised in the May 2026 Mini Shai-Hulud npm supply chain attack
Resources
scanResult (infinite) — Scan results for a lockfile checked against the Mini Shai-Hulud compromised package list
03 Reports
@swamp/cve/mini-shai-hulud-report (method)
mini_shai_hulud_scan_report.ts
Reports on Mini Shai-Hulud npm supply chain scan results
Labels: security, supply-chain
04 Stats
Score: A (100 / 100)
Downloads: 8
Archive size: 13.1 KB
Verified by Swamp
- Has README or module doc (2/2 earned)
- README has a code example (1/1 earned)
- README is substantive (1/1 earned)
- Most symbols documented (1/1 earned)
- No slow types (1/1 earned)
- Has description (1/1 earned)
- Platform support declared (or universal) (2/2 earned)
- License declared (1/1 earned)
- Verified public repository (2/2 earned)
05 Platforms
06 Labels