Shai-Hulud is Back, and npm Maintainer Accounts Are Still the Soft Target
Source: Sonatype
Published:
<p>Why bother hunting for a CVE when you can just publish malicious code straight into the software supply chain? That’s the story behind the latest wave of Shai-Hulud-related npm compromises, which recently hit the Ant Design (AntV) ecosystem and potentially exposed downstream developers to credent