Patrizio Bertozzi xpicio
xpicio
/ check-shai-hulud.sh
Last active
November 25, 2025 15:02
Scans Node.js projects for potentially compromised packages from the Shai-Hulud 2.0 attack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # ============================================================================= | |
| # Shai-Hulud 2.0 Supply Chain Attack Scanner | |
| # ============================================================================= | |
| # Scans Node.js projects for potentially compromised packages from the | |
| # Shai-Hulud 2.0 attack documented at: | |
| # https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack | |
| # | |
| # Uses Trivy (via Docker) to parse lockfiles and generate SBOM |