npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

shai-scanner

v3.6.1

Published

Shai-Hulud Supply Chain Vulnerability Scanner - Detect compromised npm packages from the Shai-Hulud attacks (v1, v2, v3)

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

asx86asx86

Keywords

securitynpmsupply-chainvulnerabilityscannershai-huludmalwaredune

Readme

Shai-Scanner

Detect npm packages compromised by Shai-Hulud supply chain attacks (v1, v2, v3)

A terminal UI scanner built with React Ink to detect malicious npm packages from the Shai-Hulud attack campaigns.

Security Status

$ npm audit

found 0 vulnerabilities

Tech Stack

| Category | Technology | |----------|------------| | Runtime | Node.js 18+, Bun | | Language | TypeScript 5.6 | | UI Framework | React 18 + Ink 5 (terminal UI) | | CLI | Commander 12 | | Styling | Chalk 5 | | Build | tsup, tsx |

Installation

# Run directly with npx (no install needed)
npx shai-scanner

# Or install globally
npm install -g shai-scanner
shai-scanner

Features

  • 🎨 Beautiful TUI - Dark hacker theme with animated sandworm
  • 🔄 Auto-update - Fetches latest IOCs from Datadog on startup
  • 📦 537+ packages - Full IOC database from official sources
  • Fast scanning - Recursive node_modules discovery
  • 🖥️ Cross-platform - Works on Linux, macOS, Windows
  • 📊 CLI mode - For CI/CD integration with JSON output

Usage

Interactive TUI (default)

npx shai-scanner

Quick Package Check

npx shai-scanner --check @asyncapi/[email protected]
# 🚨 @asyncapi/[email protected] is COMPROMISED!

npx shai-scanner --check [email protected]
# ✅ [email protected] is not in the vulnerability database

CLI Mode (for CI/CD)

# Scan current directory
npx shai-scanner --no-tui --scan .

# Scan specific paths
npx shai-scanner --no-tui --scan /path/to/project1 /path/to/project2

# Scan all common npm locations
npx shai-scanner --no-tui --scan-all

# JSON output for pipelines
npx shai-scanner --no-tui --scan . --json

# Offline mode (no network calls / no database updates)
npx shai-scanner --no-tui --scan . --offline

Update Database

npx shai-scanner --update

# JSON output (CI)
npx shai-scanner --update --json

Exit Codes

  • 0 - No vulnerabilities found
  • 1 - Vulnerabilities detected (or package is compromised)

GitHub Actions Integration

name: Security Scan

on: [push, pull_request]

jobs:
  shai-hulud-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      
      - name: Install dependencies
        run: npm ci
      
      - name: Scan for Shai-Hulud
        run: npx shai-scanner --no-tui --scan .

What is Shai-Hulud?

Shai-Hulud 3.0 (December 2025)

The latest wave targeting @vietmoney/* packages with new payloads:

  • bun_installer.js and environment_source.js IOCs
  • 9+ packages confirmed compromised or flagged
  • Confirmed: @vietmoney/[email protected]

Shai-Hulud 2.0 (November 2025)

A massive npm supply chain attack that compromised 700+ packages from:

  • PostHog, AsyncAPI, ENS Domains
  • Browserbase, Zapier, Anthropic AI
  • Accord Project, and many more

Attack Capabilities

The malware can:

  • Steal credentials (npm tokens, AWS keys, GitHub PATs)
  • Run TruffleHog to find secrets
  • Exfiltrate data to public GitHub repos
  • Install persistent backdoors via GitHub Actions
  • Self-replicate by infecting other npm packages
  • Delete your home directory if blocked

Data Sources

This scanner uses official IOC data from:

If You're Compromised

  1. Remove affected packages immediately
  2. Rotate ALL credentials:
    • npm tokens
    • GitHub PATs
    • AWS/GCP/Azure keys
    • Any API keys in .env files
  3. Check GitHub for repositories named "Shai-Hulud"
  4. Audit GitHub Actions for on: discussion triggers
  5. Search for setup_bun.js and bun_environment.js files
  6. Check for .dev-env/ directories

License

MIT

Credits