Get immediate answers and hands-on help from Upwind’s MDR team in response to the latest npm supply chain threat.
Our hotline is currently closed. However, our support team is available 24/7. For immediate assistance, please fill out the form below or contact us at [email protected]. We will be in touch.
The “Shai Hulud 2.0” campaign is one of the most aggressive npm supply-chain attacks to date, introducing a fully automated worm that rapidly spreads across maintainers, repositories, and dependency graphs.
More than 25,000 repositories tied to hundreds of developers have already been affected, driven by malicious preinstall scripts, workflow injections, and forced repository migrations used to harvest credentials and republish altered packages at scale.
If you’re unsure whether your pipelines, package dependencies, or workflows have been affected, or just want expert help understanding what to look for, the Upwind team is here 24/7 to help you live.
Our MDR Team is available to:
- Analyze suspicious behavior across your environments
- Help identify potential compromise
- Review dependency chains and CI activity for signs of impact
- Walk you through Upwind’s real-time detection insights
If you are a customer and need immediate support, reach out directly to your account manager or using the inbuilt chat widget on the platform to jump on with our security experts right now.
Read the full breakdown and affected packages from the Upwind Research team: Here