Unfolding the npm Supply Chain Attacks: From Shai Hulud to Systemic Risk
In this expert-led session, Upwind's threat research team and James Berthoty dissect a recent, high-impact npm supply chain attack, from the initial phishing vector to malicious package versions, worm-like spread, and crypto-mining payloads.
You'll get a detailed breakdown of the attack timeline, code analysis, and a technical walkthrough of why traditional scanning tools failed to detect it. Most importantly, we focus on actionable defenses: from dependency pinning and CI/CD hardening to secret rotation and real-time runtime threat detection.
If you're a developer, AppSec engineer, or part of a DevSecOps team, this session will help you level up your supply chain security strategy and improve incident response speed for future npm-based threats.
