
How attackers infiltrated the npm ecosystem, what Check Point researchers uncovered, and how organizations can protect their development pipelines.

The Shai-Hulud 2.0 campaign, referred to by its operators as The Second Coming, is one of the most extensive and fast-moving npm supply chain attacks observed in recent years. Between 21 and 23 November 2025, the attackers compromised hundreds of npm packages and more than 25,000 GitHub repositories in only a few hours. Unlike traditional malware that activates after installation, this campaign abuses the npm preinstall lifecycle script, allowing the malicious payload to run before installation completes and even when […]
The post Shai-Hulud 2.0: Inside The Second Coming, the Most Aggressive NPM Supply Chain Attack of 2025 appeared first on Check Point Blog.