The Holiday Whisper: Shai-Hulud 3.0

Published: 2 weeks ago (December 29, 2025 at 12:00 AM EST)

1 min read

Source: Snyk Blog

Shai‑Hulud Variant “The Golden Path” Targets npm

A refined variant of the Shai‑Hulud malware, dubbed The Golden Path, has been discovered targeting the npm ecosystem during the holiday season. Security teams are encouraged to prioritize structural hardening—such as disabling lifecycle scripts—to mitigate risks during this testing phase.

Back to Blog

Beyond Detection: Building a Resilient Software Supply Chain (Lessons from the Shai-Hulud Post-Mortem)

The Shai-Hulud npm incident exposed the limitations of reactive security in modern software supply chains. To survive the next major attack, organizations must...

Secure by Default: Why Snyk and Augment Code are the New Standard for AI Development

Snyk and Augment Code have partnered to deliver real-time security scanning and autonomous remediation directly within AI-powered development workflows, allowin...

The Next DevOps Frontier: Governing Models, Agents and Code

Anaconda CEO David DeSanto explores what it takes to make AI-native development practical, secure and scalable for modern engineering teams. DeSanto reflects on...

Human Native is joining Cloudflare

Cloudflare acquires Human Native, an AI data marketplace specialising in transforming content into searchable and useful data, to accelerate work building new e...

Shai‑Hulud Variant “The Golden Path” Targets npm

Related posts

Beyond Detection: Building a Resilient Software Supply Chain (Lessons from the Shai-Hulud Post-Mortem)

Secure by Default: Why Snyk and Augment Code are the New Standard for AI Development

The Next DevOps Frontier: Governing Models, Agents and Code

Human Native is joining Cloudflare