Shai-Hulud worm

mentions 1 type Person feed RSS

// recent coverage 1 mentions

14:35

2026-06-18

dev.to

developer-tools

One npm Account Publishes 964 Million Downloads Per Week. None Have Provenance.

The npm account 'ai' publishes seven packages that collectively receive 964 million weekly downloads, yet none have npm provenance attestations. This single-publisher, no-provenance pattern mirrors re…

// co-occurs with top 7 entities

npm 1 PostCSS 1 axios 1 LiteLLM 1 GitHub Actions 1 Commit 1 fast-xml-parser 1