A renewed and intensified npm supply chain attack campaign linked to the original Shai-Hulud malware is making headlines. This campaign, active from November 21 to 23, 2025, comprises popular npm packages from major publishers, including Maven, Zapier, ENS Domains, PostHog, and Postman. The attackers insert malicious code that executes during the npm package preinstall phase, increasing exposure to both developer machines and CI/CD pipelines
This new variant drops files such as setup_bun.js and bun_environment.js, and steals secrets from compromised environments, including API keys, GitHub Personal Access Tokens, and cloud credentials. The stolen credentials are exfiltrated to attacker-controlled GitHub repositories named “Shai-Hulud,” which are actively being created and removed, indicating ongoing attacker activity. It is interesting to note that the cross-victim secret exfiltration has been observed, where secrets from one victim end up in repositories controlled by another victim, expanding the risk.
The number of affected packages is in the hundreds, with over 25,000 repositories impacted. The attackers exhibit a high cadence of activity, with new malicious repositories emerging frequently, sometimes every 30 minutes.
Security teams are advised to audit and remove compromised packages immediately, clear npm caches, rotate all credentials (npm, GitHub, cloud providers), enforce phishing-resistant MFA, and audit CI/CD environments for suspicious workflows and repositories. Hardening pipelines by restricting lifecycle scripts and limiting network access from build systems is also recommended to mitigate further spread.
This campaign represents a significant evolution in npm supply chain threats, as it automates credential theft before the installation phase, resulting in broader and earlier code execution than the earlier post-install variant. The attackers’ automated and worm-like propagation is designed to scale rapidly without direct human intervention, increasing the severity and scope of impact across the JavaScript ecosystem and cloud environments worldwide.
Affected Packages and Versions
| S. No | Package | Version |
| 1 | 02-echo | = 0.0.7 |
| 2 | @accordproject/concerto-analysis | = 3.24.1 |
| 3 | @accordproject/concerto-linter | = 3.24.1 |
| 4 | @accordproject/concerto-linter-default-ruleset | = 3.24.1 |
| 5 | @accordproject/concerto-metamodel | = 3.12.5 |
| 6 | @accordproject/concerto-types | = 3.24.1 |
| 7 | @accordproject/markdown-it-cicero | = 0.16.26 |
| 8 | @accordproject/template-engine | = 2.7.2 |
| 9 | @actbase/css-to-react-native-transform | = 1.0.3 |
| 10 | @actbase/native | = 0.1.32 |
| 11 | @actbase/node-server | = 1.1.19 |
| 12 | @actbase/react-absolute | = 0.8.3 |
| 13 | @actbase/react-daum-postcode | = 1.0.5 |
| 14 | @actbase/react-kakaosdk | = 0.9.27 |
| 15 | @actbase/react-native-actionsheet | = 1.0.3 |
| 16 | @actbase/react-native-devtools | = 0.1.3 |
| 17 | @actbase/react-native-fast-image | = 8.5.13 |
| 18 | @actbase/react-native-kakao-channel | = 1.0.2 |
| 19 | @actbase/react-native-kakao-navi | = 2.0.4 |
| 20 | @actbase/react-native-less-transformer | = 1.0.6 |
| 21 | @actbase/react-native-naver-login | = 1.0.1 |
| 22 | @actbase/react-native-simple-video | = 1.0.13 |
| 23 | @actbase/react-native-tiktok | = 1.1.3 |
| 24 | @afetcan/api | = 0.0.13 |
| 25 | @afetcan/storage | = 0.0.27 |
| 26 | @alaan/s2s-auth | = 2.0.3 |
| 27 | @alexadark/amadeus-api | = 1.0.4 |
| 28 | @alexadark/gatsby-theme-events | = 1.0.1 |
| 29 | @alexadark/gatsby-theme-wordpress-blog | = 2.0.1 |
| 30 | @alexadark/reusable-functions | = 1.5.1 |
| 31 | @alexcolls/nuxt-socket.io | = 0.0.7 || = 0.0.8 |
| 32 | @alexcolls/nuxt-ux | = 0.6.1 || = 0.6.2 |
| 33 | @antstackio/eslint-config-antstack | = 0.0.3 |
| 34 | @antstackio/express-graphql-proxy | = 0.2.8 |
| 35 | @antstackio/graphql-body-parser | = 0.1.1 |
| 36 | @antstackio/json-to-graphql | = 1.0.3 |
| 37 | @antstackio/shelbysam | = 1.1.7 |
| 38 | @aryanhussain/my-angular-lib | = 0.0.23 |
| 39 | @asyncapi/avro-schema-parser | = 3.0.25 || = 3.0.26 |
| 40 | @asyncapi/bundler | = 0.6.5 || = 0.6.6 |
| 41 | @asyncapi/cli | = 4.1.3 || = 4.1.2 |
| 42 | @asyncapi/converter | = 1.6.3 || = 1.6.4 |
| 43 | @asyncapi/diff | = 0.5.1 || = 0.5.2 |
| 44 | @asyncapi/dotnet-rabbitmq-template | = 1.0.2 || = 1.0.1 |
| 45 | @asyncapi/edavisualiser | = 1.2.2 || = 1.2.1 |
| 46 | @asyncapi/generator | = 2.8.5 || = 2.8.6 |
| 47 | @asyncapi/generator-components | = 0.3.2 || = 0.3.3 |
| 48 | @asyncapi/generator-helpers | = 0.2.1 || = 0.2.2 |
| 49 | @asyncapi/generator-react-sdk | = 1.1.5 || = 1.1.4 |
| 50 | @asyncapi/go-watermill-template | = 0.2.77 || = 0.2.76 |
| 51 | @asyncapi/html-template | = 3.3.2 || = 3.3.3 |
| 52 | @asyncapi/java-spring-cloud-stream-template | = 0.13.5 || = 0.13.6 |
| 53 | @asyncapi/java-spring-template | = 1.6.2 || = 1.6.1 |
| 54 | @asyncapi/java-template | = 0.3.6 || = 0.3.5 |
| 55 | @asyncapi/keeper | = 0.0.2 || = 0.0.3 |
| 56 | @asyncapi/markdown-template | = 1.6.8 || = 1.6.9 |
| 57 | @asyncapi/modelina | = 5.10.3 || = 5.10.2 |
| 58 | @asyncapi/modelina-cli | = 5.10.3 || = 5.10.2 |
| 59 | @asyncapi/multi-parser | = 2.2.1 || = 2.2.2 |
| 60 | @asyncapi/nodejs-template | = 3.0.6 || = 3.0.5 |
| 61 | @asyncapi/nodejs-ws-template | = 0.10.1 || = 0.10.2 |
| 62 | @asyncapi/nunjucks-filters | = 2.1.1 || = 2.1.2 |
| 63 | @asyncapi/openapi-schema-parser | = 3.0.25 || = 3.0.26 |
| 64 | @asyncapi/optimizer | = 1.0.6 || = 1.0.5 |
| 65 | @asyncapi/parser | = 3.4.1 || = 3.4.2 |
| 66 | @asyncapi/php-template | = 0.1.1 || = 0.1.2 |
| 67 | @asyncapi/problem | = 1.0.2 || = 1.0.1 |
| 68 | @asyncapi/protobuf-schema-parser | = 3.5.2 || = 3.6.1 || = 3.5.3 |
| 69 | @asyncapi/python-paho-template | = 0.2.15 || = 0.2.14 |
| 70 | @asyncapi/react-component | = 2.6.7 || = 2.6.6 |
| 71 | @asyncapi/server-api | = 0.16.24 || = 0.16.25 |
| 72 | @asyncapi/specs | = 6.9.1 || = 6.10.1 || = 6.8.3 || = 6.8.2 |
| 73 | @asyncapi/studio | = 1.0.3 || = 1.0.2 |
| 74 | @asyncapi/web-component | = 2.6.7 || = 2.6.6 |
| 75 | @bdkinc/knex-ibmi | = 0.5.7 |
| 76 | @browserbasehq/bb9 | = 1.2.21 |
| 77 | @browserbasehq/director-ai | = 1.0.3 |
| 78 | @browserbasehq/mcp | = 2.1.1 |
| 79 | @browserbasehq/mcp-server-browserbase | = 2.4.2 |
| 80 | @browserbasehq/sdk-functions | = 0.0.4 |
| 81 | @browserbasehq/stagehand | = 3.0.4 |
| 82 | @browserbasehq/stagehand-docs | = 1.0.1 |
| 83 | @caretive/caret-cli | = 0.0.2 |
| 84 | @chtijs/eslint-config | = 1.0.1 |
| 85 | @clausehq/flows-step-httprequest | = 0.1.14 |
| 86 | @clausehq/flows-step-jsontoxml | = 0.1.14 |
| 87 | @clausehq/flows-step-mqtt | = 0.1.14 |
| 88 | @clausehq/flows-step-sendgridemail | = 0.1.14 |
| 89 | @clausehq/flows-step-taskscreateurl | = 0.1.14 |
| 90 | @cllbk/ghl | = 1.3.1 |
| 91 | @commute/bloom | = 1.0.3 |
| 92 | @commute/market-data | = 1.0.2 |
| 93 | @commute/market-data-chartjs | = 2.3.1 |
| 94 | @dev-blinq/ai-qa-logic | = 1.0.19 |
| 95 | @dev-blinq/blinqioclient | = 1.0.21 |
| 96 | @dev-blinq/cucumber-js | = 1.0.131 |
| 97 | @dev-blinq/cucumber_client | = 1.0.738 |
| 98 | @dev-blinq/ui-systems | = 1.0.93 |
| 99 | @elsedev/react-csr-sdk | = 0.2.2 |
| 100 | @ensdomains/address-encoder | = 1.1.5 |
| 101 | @ensdomains/blacklist | = 1.0.1 |
| 102 | @ensdomains/buffer | = 0.1.2 |
| 103 | @ensdomains/ccip-read-cf-worker | = 0.0.4 |
| 104 | @ensdomains/ccip-read-dns-gateway | = 0.1.1 |
| 105 | @ensdomains/ccip-read-router | = 0.0.7 |
| 106 | @ensdomains/ccip-read-worker-viem | = 0.0.4 |
| 107 | @ensdomains/content-hash | = 3.0.1 |
| 108 | @ensdomains/curvearithmetics | = 1.0.1 |
| 109 | @ensdomains/cypress-metamask | = 1.2.1 |
| 110 | @ensdomains/dnsprovejs | = 0.5.3 |
| 111 | @ensdomains/dnssec-oracle-anchors | = 0.0.2 |
| 112 | @ensdomains/dnssecoraclejs | = 0.2.9 |
| 113 | @ensdomains/durin | = 0.1.2 |
| 114 | @ensdomains/durin-middleware | = 0.0.2 |
| 115 | @ensdomains/ens-archived-contracts | = 0.0.3 |
| 116 | @ensdomains/ens-avatar | = 1.0.4 |
| 117 | @ensdomains/ens-contracts | = 1.6.1 |
| 118 | @ensdomains/ens-test-env | = 1.0.2 |
| 119 | @ensdomains/ens-validation | = 0.1.1 |
| 120 | @ensdomains/ensjs | = 4.0.3 |
| 121 | @ensdomains/ensjs-react | = 0.0.5 |
| 122 | @ensdomains/eth-ens-namehash | = 2.0.16 |
| 123 | @ensdomains/hackathon-registrar | = 1.0.5 |
| 124 | @ensdomains/hardhat-chai-matchers-viem | = 0.1.15 |
| 125 | @ensdomains/hardhat-toolbox-viem-extended | = 0.0.6 |
| 126 | @ensdomains/mock | = 2.1.52 |
| 127 | @ensdomains/name-wrapper | = 1.0.1 |
| 128 | @ensdomains/offchain-resolver-contracts | = 0.2.2 |
| 129 | @ensdomains/op-resolver-contracts | = 0.0.2 |
| 130 | @ensdomains/react-ens-address | = 0.0.32 |
| 131 | @ensdomains/renewal | = 0.0.13 |
| 132 | @ensdomains/renewal-widget | = 0.1.10 |
| 133 | @ensdomains/reverse-records | = 1.0.1 |
| 134 | @ensdomains/server-analytics | = 0.0.2 |
| 135 | @ensdomains/solsha1 | = 0.0.4 |
| 136 | @ensdomains/subdomain-registrar | = 0.2.4 |
| 137 | @ensdomains/test-utils | = 1.3.1 |
| 138 | @ensdomains/thorin | = 0.6.51 |
| 139 | @ensdomains/ui | = 3.4.6 |
| 140 | @ensdomains/unicode-confusables | = 0.1.1 |
| 141 | @ensdomains/unruggable-gateways | = 0.0.3 |
| 142 | @ensdomains/vite-plugin-i18next-loader | = 4.0.4 |
| 143 | @ensdomains/web3modal | = 1.10.2 |
| 144 | @everreal/react-charts | = 2.0.2 || = 2.0.1 |
| 145 | @everreal/validate-esmoduleinterop-imports | = 1.4.5 || = 1.4.4 |
| 146 | @everreal/web-analytics | = 0.0.1 || = 0.0.2 |
| 147 | @faq-component/core | = 0.0.4 |
| 148 | @faq-component/react | = 1.0.1 |
| 149 | @fishingbooker/browser-sync-plugin | = 1.0.5 |
| 150 | @fishingbooker/react-loader | = 1.0.7 |
| 151 | @fishingbooker/react-pagination | = 2.0.6 |
| 152 | @fishingbooker/react-raty | = 2.0.1 |
| 153 | @fishingbooker/react-swiper | = 0.1.5 |
| 154 | @hapheus/n8n-nodes-pgp | = 1.5.1 |
| 155 | @hover-design/core | = 0.0.1 |
| 156 | @hover-design/react | = 0.2.1 |
| 157 | @huntersofbook/auth-vue | = 0.4.2 |
| 158 | @huntersofbook/core | = 0.5.1 |
| 159 | @huntersofbook/core-nuxt | = 0.4.2 |
| 160 | @huntersofbook/form-naiveui | = 0.5.1 |
| 161 | @huntersofbook/i18n | = 0.8.2 |
| 162 | @huntersofbook/ui | = 0.5.1 |
| 163 | @hyperlook/telemetry-sdk | = 1.0.19 |
| 164 | @ifelsedeveloper/protocol-contracts-svm-idl | = 0.1.2 || = 0.1.3 |
| 165 | @ifings/design-system | = 4.9.2 |
| 166 | @ifings/metatron3 | = 0.1.5 |
| 167 | @jayeshsadhwani/telemetry-sdk | = 1.0.14 |
| 168 | @kvytech/cli | = 0.0.7 |
| 169 | @kvytech/components | = 0.0.2 |
| 170 | @kvytech/habbit-e2e-test | = 0.0.2 |
| 171 | @kvytech/medusa-plugin-announcement | = 0.0.8 |
| 172 | @kvytech/medusa-plugin-management | = 0.0.5 |
| 173 | @kvytech/medusa-plugin-newsletter | = 0.0.5 |
| 174 | @kvytech/medusa-plugin-product-reviews | = 0.0.9 |
| 175 | @kvytech/medusa-plugin-promotion | = 0.0.2 |
| 176 | @kvytech/web | = 0.0.2 |
| 177 | @lessondesk/api-client | = 9.12.2 || = 9.12.3 |
| 178 | @lessondesk/babel-preset | = 1.0.1 |
| 179 | @lessondesk/electron-group-api-client | = 1.0.3 |
| 180 | @lessondesk/eslint-config | = 1.4.2 |
| 181 | @lessondesk/material-icons | = 1.0.3 |
| 182 | @lessondesk/react-table-context | = 2.0.4 |
| 183 | @lessondesk/schoolbus | = 5.2.2 || = 5.2.3 |
| 184 | @livecms/live-edit | = 0.0.32 |
| 185 | @livecms/nuxt-live-edit | = 1.9.2 |
| 186 | @lokeswari-satyanarayanan/rn-zustand-expo-template | = 1.0.9 |
| 187 | @louisle2/core | = 1.0.1 |
| 188 | @louisle2/cortex-js | = 0.1.6 |
| 189 | @lpdjs/firestore-repo-service | = 1.0.1 |
| 190 | @lui-ui/lui-nuxt | = 0.1.1 |
| 191 | @lui-ui/lui-tailwindcss | = 0.1.2 |
| 192 | @lui-ui/lui-vue | = 1.0.13 |
| 193 | @markvivanco/app-version-checker | = 1.0.2 || = 1.0.1 |
| 194 | @mcp-use/cli | = 2.2.7 || = 2.2.6 |
| 195 | @mcp-use/inspector | = 0.6.3 || = 0.6.2 |
| 196 | @mcp-use/mcp-use | = 1.0.2 || = 1.0.1 |
| 197 | @micado-digital/stadtmarketing-kufstein-external | = 1.9.1 |
| 198 | @mizzle-dev/orm | = 0.0.2 |
| 199 | @mparpaillon/connector-parse | = 1.0.1 |
| 200 | @mparpaillon/imagesloaded | = 4.1.2 |
| 201 | @mparpaillon/page | = 1.0.1 |
| 202 | @ntnx/passport-wso2 | = 0.0.3 |
| 203 | @ntnx/t | = 0.0.101 |
| 204 | @oku-ui/accordion | = 0.6.2 |
| 205 | @oku-ui/alert-dialog | = 0.6.2 |
| 206 | @oku-ui/arrow | = 0.6.2 |
| 207 | @oku-ui/aspect-ratio | = 0.6.2 |
| 208 | @oku-ui/avatar | = 0.6.2 |
| 209 | @oku-ui/checkbox | = 0.6.3 |
| 210 | @oku-ui/collapsible | = 0.6.2 |
| 211 | @oku-ui/collection | = 0.6.2 |
| 212 | @oku-ui/dialog | = 0.6.2 |
| 213 | @oku-ui/direction | = 0.6.2 |
| 214 | @oku-ui/dismissable-layer | = 0.6.2 |
| 215 | @oku-ui/focus-guards | = 0.6.2 |
| 216 | @oku-ui/focus-scope | = 0.6.2 |
| 217 | @oku-ui/hover-card | = 0.6.2 |
| 218 | @oku-ui/label | = 0.6.2 |
| 219 | @oku-ui/menu | = 0.6.2 |
| 220 | @oku-ui/motion | = 0.4.4 |
| 221 | @oku-ui/motion-nuxt | = 0.2.2 |
| 222 | @oku-ui/popover | = 0.6.2 |
| 223 | @oku-ui/popper | = 0.6.2 |
| 224 | @oku-ui/portal | = 0.6.2 |
| 225 | @oku-ui/presence | = 0.6.2 |
| 226 | @oku-ui/primitive | = 0.6.2 |
| 227 | @oku-ui/primitives | = 0.7.9 |
| 228 | @oku-ui/primitives-nuxt | = 0.3.1 |
| 229 | @oku-ui/progress | = 0.6.2 |
| 230 | @oku-ui/provide | = 0.6.2 |
| 231 | @oku-ui/radio-group | = 0.6.2 |
| 232 | @oku-ui/roving-focus | = 0.6.2 |
| 233 | @oku-ui/scroll-area | = 0.6.2 |
| 234 | @oku-ui/separator | = 0.6.2 |
| 235 | @oku-ui/slider | = 0.6.2 |
| 236 | @oku-ui/slot | = 0.6.2 |
| 237 | @oku-ui/switch | = 0.6.2 |
| 238 | @oku-ui/tabs | = 0.6.2 |
| 239 | @oku-ui/toast | = 0.6.2 |
| 240 | @oku-ui/toggle | = 0.6.2 |
| 241 | @oku-ui/toggle-group | = 0.6.2 |
| 242 | @oku-ui/toolbar | = 0.6.2 |
| 243 | @oku-ui/tooltip | = 0.6.2 |
| 244 | @oku-ui/use-composable | = 0.6.2 |
| 245 | @oku-ui/utils | = 0.6.2 |
| 246 | @oku-ui/visually-hidden | = 0.6.2 |
| 247 | @orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode | = 2.0.5 |
| 248 | @orbitgtbelgium/mapbox-gl-draw-scale-rotate-mode | = 1.1.1 |
| 249 | @orbitgtbelgium/orbit-components | = 1.2.9 |
| 250 | @orbitgtbelgium/time-slider | = 1.0.187 |
| 251 | @osmanekrem/bmad | = 1.0.6 |
| 252 | @osmanekrem/error-handler | = 1.2.2 |
| 253 | @pergel/cli | = 0.11.1 |
| 254 | @pergel/module-box | = 0.6.1 |
| 255 | @pergel/module-graphql | = 0.6.1 |
| 256 | @pergel/module-ui | = 0.0.9 |
| 257 | @pergel/nuxt | = 0.25.5 |
| 258 | @posthog/agent | = 1.24.1 |
| 259 | @posthog/ai | = 7.1.2 |
| 260 | @posthog/automatic-cohorts-plugin | = 0.0.8 |
| 261 | @posthog/bitbucket-release-tracker | = 0.0.8 |
| 262 | @posthog/cli | = 0.5.15 |
| 263 | @posthog/clickhouse | = 1.7.1 |
| 264 | @posthog/core | = 1.5.6 |
| 265 | @posthog/currency-normalization-plugin | = 0.0.8 |
| 266 | @posthog/customerio-plugin | = 0.0.8 |
| 267 | @posthog/databricks-plugin | = 0.0.8 |
| 268 | @posthog/drop-events-on-property-plugin | = 0.0.8 |
| 269 | @posthog/event-sequence-timer-plugin | = 0.0.8 |
| 270 | @posthog/filter-out-plugin | = 0.0.8 |
| 271 | @posthog/first-time-event-tracker | = 0.0.8 |
| 272 | @posthog/geoip-plugin | = 0.0.8 |
| 273 | @posthog/github-release-tracking-plugin | = 0.0.8 |
| 274 | @posthog/gitub-star-sync-plugin | = 0.0.8 |
| 275 | @posthog/heartbeat-plugin | = 0.0.8 |
| 276 | @posthog/hedgehog-mode | = 0.0.42 |
| 277 | @posthog/icons | = 0.36.1 |
| 278 | @posthog/ingestion-alert-plugin | = 0.0.8 |
| 279 | @posthog/intercom-plugin | = 0.0.8 |
| 280 | @posthog/kinesis-plugin | = 0.0.8 |
| 281 | @posthog/laudspeaker-plugin | = 0.0.8 |
| 282 | @posthog/lemon-ui | = 0.0.1 |
| 283 | @posthog/maxmind-plugin | = 0.1.6 |
| 284 | @posthog/migrator3000-plugin | = 0.0.8 |
| 285 | @posthog/netdata-event-processing | = 0.0.8 |
| 286 | @posthog/nextjs | = 0.0.3 |
| 287 | @posthog/nextjs-config | = 1.5.1 |
| 288 | @posthog/nuxt | = 1.2.9 |
| 289 | @posthog/pagerduty-plugin | = 0.0.8 |
| 290 | @posthog/piscina | = 3.2.1 |
| 291 | @posthog/plugin-contrib | = 0.0.6 |
| 292 | @posthog/plugin-server | = 1.10.8 |
| 293 | @posthog/plugin-unduplicates | = 0.0.8 |
| 294 | @posthog/postgres-plugin | = 0.0.8 |
| 295 | @posthog/react-rrweb-player | = 1.1.4 |
| 296 | @posthog/rrdom | = 0.0.31 |
| 297 | @posthog/rrweb | = 0.0.31 |
| 298 | @posthog/rrweb-player | = 0.0.31 |
| 299 | @posthog/rrweb-record | = 0.0.31 |
| 300 | @posthog/rrweb-replay | = 0.0.19 |
| 301 | @posthog/rrweb-snapshot | = 0.0.31 |
| 302 | @posthog/rrweb-utils | = 0.0.31 |
| 303 | @posthog/sendgrid-plugin | = 0.0.8 |
| 304 | @posthog/siphash | = 1.1.2 |
| 305 | @posthog/snowflake-export-plugin | = 0.0.8 |
| 306 | @posthog/taxonomy-plugin | = 0.0.8 |
| 307 | @posthog/twilio-plugin | = 0.0.8 |
| 308 | @posthog/twitter-followers-plugin | = 0.0.8 |
| 309 | @posthog/url-normalizer-plugin | = 0.0.8 |
| 310 | @posthog/variance-plugin | = 0.0.8 |
| 311 | @posthog/web-dev-server | = 1.0.5 |
| 312 | @posthog/wizard | = 1.18.1 |
| 313 | @posthog/zendesk-plugin | = 0.0.8 |
| 314 | @postman/aether-icons | = 2.23.2 || = 2.23.3 || = 2.23.4 |
| 315 | @postman/csv-parse | = 4.0.3 || = 4.0.5 || = 4.0.4 |
| 316 | @postman/final-node-keytar | = 7.9.3 || = 7.9.1 || = 7.9.2 |
| 317 | @postman/mcp-ui-client | = 5.5.2 || = 5.5.3 || = 5.5.1 |
| 318 | @postman/node-keytar | = 7.9.4 || = 7.9.5 || = 7.9.6 |
| 319 | @postman/pm-bin-linux-x64 | = 1.24.3 || = 1.24.5 || = 1.24.4 |
| 320 | @postman/pm-bin-macos-arm64 | = 1.24.3 || = 1.24.5 || = 1.24.4 |
| 321 | @postman/pm-bin-macos-x64 | = 1.24.3 || = 1.24.5 || = 1.24.4 |
| 322 | @postman/pm-bin-windows-x64 | = 1.24.3 || = 1.24.5 || = 1.24.4 |
| 323 | @postman/postman-collection-fork | = 4.3.3 || = 4.3.5 || = 4.3.4 |
| 324 | @postman/postman-mcp-cli | = 1.0.4 || = 1.0.5 || = 1.0.3 |
| 325 | @postman/postman-mcp-server | = 2.4.12 || = 2.4.10 || = 2.4.11 |
| 326 | @postman/pretty-ms | = 6.1.2 || = 6.1.3 || = 6.1.1 |
| 327 | @postman/secret-scanner-wasm | = 2.1.4 || = 2.1.3 || = 2.1.2 |
| 328 | @postman/tunnel-agent | = 0.6.5 || = 0.6.7 || = 0.6.6 |
| 329 | @postman/wdio-allure-reporter | = 0.0.7 || = 0.0.8 || = 0.0.9 |
| 330 | @postman/wdio-junit-reporter | = 0.0.4 || = 0.0.5 || = 0.0.6 |
| 331 | @pradhumngautam/common-app | = 1.0.2 |
| 332 | @productdevbook/animejs-vue | = 0.2.1 |
| 333 | @productdevbook/auth | = 0.2.2 |
| 334 | @productdevbook/chatwoot | = 2.0.1 |
| 335 | @productdevbook/motion | = 1.0.4 |
| 336 | @productdevbook/ts-i18n | = 1.4.2 |
| 337 | @pruthvi21/use-debounce | = 1.0.3 |
| 338 | @quick-start-soft/quick-document-translator | = 1.4.2511142126 |
| 339 | @quick-start-soft/quick-git-clean-markdown | = 1.4.2511142126 |
| 340 | @quick-start-soft/quick-markdown | = 1.4.2511142126 |
| 341 | @quick-start-soft/quick-markdown-compose | = 1.4.2506300029 |
| 342 | @quick-start-soft/quick-markdown-image | = 1.4.2511142126 |
| 343 | @quick-start-soft/quick-markdown-print | = 1.4.2511142126 |
| 344 | @quick-start-soft/quick-markdown-translator | = 1.4.2509202331 |
| 345 | @quick-start-soft/quick-remove-image-background | = 1.4.2511142126 |
| 346 | @quick-start-soft/quick-task-refine | = 1.4.2511142126 |
| 347 | @relyt/claude-context-core | = 0.1.1 |
| 348 | @relyt/claude-context-mcp | = 0.1.1 |
| 349 | @relyt/mcp-server-relytone | = 0.0.3 |
| 350 | @sameepsi/sor | = 1.0.3 |
| 351 | @sameepsi/sor2 | = 2.0.2 |
| 352 | @seezo/sdr-mcp-server | = 0.0.5 |
| 353 | @seung-ju/next | = 0.0.2 |
| 354 | @seung-ju/openapi-generator | = 0.0.4 |
| 355 | @seung-ju/react-hooks | = 0.0.2 |
| 356 | @seung-ju/react-native-action-sheet | = 0.2.1 |
| 357 | @silgi/better-auth | = 0.8.1 |
| 358 | @silgi/drizzle | = 0.8.4 |
| 359 | @silgi/ecosystem | = 0.7.6 |
| 360 | @silgi/graphql | = 0.7.15 |
| 361 | @silgi/module-builder | = 0.8.8 |
| 362 | @silgi/openapi | = 0.7.4 |
| 363 | @silgi/permission | = 0.6.8 |
| 364 | @silgi/ratelimit | = 0.2.1 |
| 365 | @silgi/scalar | = 0.6.2 |
| 366 | @silgi/yoga | = 0.7.1 |
| 367 | @sme-ui/aoma-vevasound-metadata-lib | = 0.1.3 |
| 368 | @strapbuild/react-native-date-time-picker | = 2.0.4 |
| 369 | @strapbuild/react-native-perspective-image-cropper | = 0.4.15 |
| 370 | @strapbuild/react-native-perspective-image-cropper-2 | = 0.4.7 |
| 371 | @strapbuild/react-native-perspective-image-cropper-poojan31 | = 0.4.6 |
| 372 | @suraj_h/medium-common | = 1.0.5 |
| 373 | @thedelta/eslint-config | = 1.0.2 |
| 374 | @tiaanduplessis/json | = 2.0.2 || = 2.0.3 |
| 375 | @tiaanduplessis/react-progressbar | = 1.0.2 || = 1.0.1 |
| 376 | @trackstar/angular-trackstar-link | = 1.0.2 |
| 377 | @trackstar/react-trackstar-link | = 2.0.21 |
| 378 | @trackstar/react-trackstar-link-upgrade | = 1.1.10 |
| 379 | @trackstar/test-angular-package | = 0.0.9 |
| 380 | @trackstar/test-package | = 1.1.5 |
| 381 | @trefox/sleekshop-js | = 0.1.6 |
| 382 | @trigo/atrix | = 7.0.1 |
| 383 | @trigo/atrix-acl | = 4.0.2 |
| 384 | @trigo/atrix-elasticsearch | = 2.0.1 |
| 385 | @trigo/atrix-mongoose | = 1.0.2 |
| 386 | @trigo/atrix-orientdb | = 1.0.2 |
| 387 | @trigo/atrix-postgres | = 1.0.3 |
| 388 | @trigo/atrix-pubsub | = 4.0.3 |
| 389 | @trigo/atrix-redis | = 1.0.2 |
| 390 | @trigo/atrix-soap | = 1.0.2 |
| 391 | @trigo/atrix-swagger | = 3.0.1 |
| 392 | @trigo/bool-expressions | = 4.1.3 |
| 393 | @trigo/eslint-config-trigo | = 3.3.1 |
| 394 | @trigo/fsm | = 3.4.2 |
| 395 | @trigo/hapi-auth-signedlink | = 1.3.1 |
| 396 | @trigo/jsdt | = 0.2.1 |
| 397 | @trigo/keycloak-api | = 1.3.1 |
| 398 | @trigo/node-soap | = 0.5.4 |
| 399 | @trigo/pathfinder-ui-css | = 0.1.1 |
| 400 | @trigo/trigo-hapijs | = 5.0.1 |
| 401 | @trpc-rate-limiter/cloudflare | = 0.1.4 |
| 402 | @trpc-rate-limiter/hono | = 0.1.4 |
| 403 | @varsityvibe/api-client | = 1.3.36 || = 1.3.37 |
| 404 | @varsityvibe/utils | = 5.0.6 |
| 405 | @varsityvibe/validation-schemas | = 0.6.7 || = 0.6.8 |
| 406 | @viapip/eslint-config | = 0.2.4 |
| 407 | @vishadtyagi/full-year-calendar | = 0.1.11 |
| 408 | @voiceflow/alexa-types | = 2.15.60 || = 2.15.61 |
| 409 | @voiceflow/anthropic | = 0.4.4 || = 0.4.5 |
| 410 | @voiceflow/api-sdk | = 3.28.59 || = 3.28.58 |
| 411 | @voiceflow/backend-utils | = 5.0.1 || = 5.0.2 |
| 412 | @voiceflow/base-types | = 2.136.3 || = 2.136.2 |
| 413 | @voiceflow/body-parser | = 1.21.3 || = 1.21.2 |
| 414 | @voiceflow/chat-types | = 2.14.59 || = 2.14.58 |
| 415 | @voiceflow/circleci-config-sdk-orb-import | = 0.2.1 || = 0.2.2 |
| 416 | @voiceflow/commitlint-config | = 2.6.2 || = 2.6.1 |
| 417 | @voiceflow/common | = 8.9.1 || = 8.9.2 |
| 418 | @voiceflow/default-prompt-wrappers | = 1.7.4 || = 1.7.3 |
| 419 | @voiceflow/dependency-cruiser-config | = 1.8.11 || = 1.8.12 |
| 420 | @voiceflow/dtos-interact | = 1.40.2 || = 1.40.1 |
| 421 | @voiceflow/encryption | = 0.3.2 || = 0.3.3 |
| 422 | @voiceflow/eslint-config | = 7.16.4 || = 7.16.5 |
| 423 | @voiceflow/eslint-plugin | = 1.6.2 || = 1.6.1 |
| 424 | @voiceflow/exception | = 1.10.1 || = 1.10.2 |
| 425 | @voiceflow/fetch | = 1.11.1 || = 1.11.2 |
| 426 | @voiceflow/general-types | = 3.2.22 || = 3.2.23 |
| 427 | @voiceflow/git-branch-check | = 1.4.3 || = 1.4.4 |
| 428 | @voiceflow/google-dfes-types | = 2.17.12 || = 2.17.13 |
| 429 | @voiceflow/google-types | = 2.21.12 || = 2.21.13 |
| 430 | @voiceflow/husky-config | = 1.3.2 || = 1.3.1 |
| 431 | @voiceflow/logger | = 2.4.3 || = 2.4.2 |
| 432 | @voiceflow/metrics | = 1.5.2 || = 1.5.1 |
| 433 | @voiceflow/natural-language-commander | = 0.5.2 || = 0.5.3 |
| 434 | @voiceflow/nestjs-common | = 2.75.3 || = 2.75.2 |
| 435 | @voiceflow/nestjs-mongodb | = 1.3.2 || = 1.3.1 |
| 436 | @voiceflow/nestjs-rate-limit | = 1.3.2 || = 1.3.3 |
| 437 | @voiceflow/nestjs-redis | = 1.3.2 || = 1.3.1 |
| 438 | @voiceflow/nestjs-timeout | = 1.3.2 || = 1.3.1 |
| 439 | @voiceflow/npm-package-json-lint-config | = 1.1.2 || = 1.1.1 |
| 440 | @voiceflow/openai | = 3.2.3 || = 3.2.2 |
| 441 | @voiceflow/pino | = 6.11.4 || = 6.11.3 |
| 442 | @voiceflow/pino-pretty | = 4.4.1 || = 4.4.2 |
| 443 | @voiceflow/prettier-config | = 1.10.1 || = 1.10.2 |
| 444 | @voiceflow/react-chat | = 1.65.3 || = 1.65.4 |
| 445 | @voiceflow/runtime | = 1.29.2 || = 1.29.1 |
| 446 | @voiceflow/runtime-client-js | = 1.17.2 || = 1.17.3 |
| 447 | @voiceflow/sdk-runtime | = 1.43.2 || = 1.43.1 |
| 448 | @voiceflow/secrets-provider | = 1.9.2 || = 1.9.3 |
| 449 | @voiceflow/semantic-release-config | = 1.4.2 || = 1.4.1 |
| 450 | @voiceflow/serverless-plugin-typescript | = 2.1.8 || = 2.1.7 |
| 451 | @voiceflow/slate-serializer | = 1.7.4 || = 1.7.3 |
| 452 | @voiceflow/stitches-react | = 2.3.3 || = 2.3.2 |
| 453 | @voiceflow/storybook-config | = 1.2.3 || = 1.2.2 |
| 454 | @voiceflow/stylelint-config | = 1.1.2 || = 1.1.1 |
| 455 | @voiceflow/test-common | = 2.1.1 || = 2.1.2 |
| 456 | @voiceflow/tsconfig | = 1.12.1 || = 1.12.2 |
| 457 | @voiceflow/tsconfig-paths | = 1.1.5 || = 1.1.4 |
| 458 | @voiceflow/utils-designer | = 1.74.20 || = 1.74.19 |
| 459 | @voiceflow/verror | = 1.1.5 || = 1.1.4 |
| 460 | @voiceflow/vite-config | = 2.6.2 || = 2.6.3 |
| 461 | @voiceflow/vitest-config | = 1.10.3 || = 1.10.2 |
| 462 | @voiceflow/voice-types | = 2.10.58 || = 2.10.59 |
| 463 | @voiceflow/voiceflow-types | = 3.32.45 || = 3.32.46 |
| 464 | @voiceflow/widget | = 1.7.18 || = 1.7.19 |
| 465 | @vucod/email | = 0.0.3 |
| 466 | @zapier/ai-actions | = 0.1.18 || = 0.1.19 || = 0.1.20 |
| 467 | @zapier/ai-actions-react | = 0.1.13 || = 0.1.12 || = 0.1.14 |
| 468 | @zapier/babel-preset-zapier | = 6.4.2 || = 6.4.1 || = 6.4.3 |
| 469 | @zapier/browserslist-config-zapier | = 1.0.4 || = 1.0.5 || = 1.0.3 |
| 470 | @zapier/eslint-plugin-zapier | = 11.0.5 || = 11.0.3 || = 11.0.4 |
| 471 | @zapier/mcp-integration | = 3.0.3 || = 3.0.1 || = 3.0.2 |
| 472 | @zapier/secret-scrubber | = 1.1.5 || = 1.1.3 || = 1.1.4 |
| 473 | @zapier/spectral-api-ruleset | = 1.9.3 || = 1.9.2 || = 1.9.1 |
| 474 | @zapier/stubtree | = 0.1.4 || = 0.1.3 || = 0.1.2 |
| 475 | @zapier/zapier-sdk | = 0.15.7 || = 0.15.6 || = 0.15.5 |
| 476 | ai-crowl-shield | = 1.0.7 |
| 477 | arc-cli-fc | = 1.0.1 |
| 478 | asciitranslator | = 1.0.3 |
| 479 | asyncapi-preview | = 1.0.2 || = 1.0.1 |
| 480 | atrix | = 1.0.1 |
| 481 | atrix-mongoose | = 1.0.1 |
| 482 | automation_model | = 1.0.491 |
| 483 | avvvatars-vue | = 1.1.2 |
| 484 | axios-builder | = 1.2.1 |
| 485 | axios-cancelable | = 1.0.2 || = 1.0.1 |
| 486 | axios-timed | = 1.0.2 || = 1.0.1 |
| 487 | babel-preset-kinvey-flex-service | = 0.1.1 |
| 488 | barebones-css | = 1.1.3 || = 1.1.4 |
| 489 | benmostyn-frame-print | = 1.0.1 |
| 490 | bestgpiocontroller | = 1.0.10 |
| 491 | better-auth-nuxt | = 0.0.10 |
| 492 | better-queue-nedb | = 0.1.5 |
| 493 | bidirectional-adapter | = 1.2.3 || = 1.2.2 || = 1.2.5 || = 1.2.4 |
| 494 | blinqio-executions-cli | = 1.0.41 |
| 495 | blob-to-base64 | = 1.0.3 |
| 496 | bool-expressions | = 0.1.2 |
| 497 | buffered-interpolation-babylon6 | = 0.2.8 |
| 498 | bun-plugin-httpfile | = 0.1.1 |
| 499 | bytecode-checker-cli | = 1.0.10 || = 1.0.9 || = 1.0.8 || = 1.0.11 |
| 500 | bytes-to-x | = 1.0.1 |
| 501 | calc-loan-interest | = 1.0.4 |
| 502 | capacitor-plugin-apptrackingios | = 0.0.21 |
| 503 | capacitor-plugin-purchase | = 0.1.1 |
| 504 | capacitor-plugin-scgssigninwithgoogle | = 0.0.5 |
| 505 | capacitor-purchase-history | = 0.0.10 |
| 506 | capacitor-voice-recorder-wav | = 6.0.3 |
| 507 | cbre-flow-common | = 1.3.2 || = 1.3.1 |
| 508 | ceviz | = 0.0.5 |
| 509 | chrome-extension-downloads | = 0.0.3 || = 0.0.4 |
| 510 | claude-token-updater | = 1.0.3 |
| 511 | coinmarketcap-api | = 3.1.3 || = 3.1.2 |
| 512 | colors-regex | = 2.0.1 |
| 513 | command-irail | = 0.5.4 |
| 514 | compare-obj | = 1.1.2 || = 1.1.1 |
| 515 | composite-reducer | = 1.0.4 || = 1.0.5 || = 1.0.2 || = 1.0.3 |
| 516 | count-it-down | = 1.0.2 || = 1.0.1 |
| 517 | cpu-instructions | = 0.0.14 |
| 518 | create-director-app | = 0.1.1 |
| 519 | create-glee-app | = 0.2.3 || = 0.2.2 |
| 520 | create-hardhat3-app | = 1.1.2 || = 1.1.3 || = 1.1.1 || = 1.1.4 |
| 521 | create-kinvey-flex-service | = 0.2.1 |
| 522 | create-mcp-use-app | = 0.5.4 || = 0.5.3 |
| 523 | create-silgi | = 0.3.1 |
| 524 | crypto-addr-codec | = 0.1.9 |
| 525 | css-dedoupe | = 0.1.2 |
| 526 | csv-tool-cli | = 1.2.1 |
| 527 | dashboard-empty-state | = 1.0.3 |
| 528 | designstudiouiux | = 1.0.1 |
| 529 | devstart-cli | = 1.0.6 |
| 530 | dialogflow-es | = 1.1.2 || = 1.1.3 || = 1.1.1 || = 1.1.4 |
| 531 | discord-bot-server | = 0.1.2 |
| 532 | docusaurus-plugin-vanilla-extract | = 1.0.3 |
| 533 | dont-go | = 1.1.2 |
| 534 | dotnet-template | = 0.0.3 || = 0.0.4 |
| 535 | drop-events-on-property-plugin | = 0.0.2 |
| 536 | easypanel-sdk | = 0.3.2 |
| 537 | electron-volt | = 0.0.2 |
| 538 | email-deliverability-tester | = 1.1.1 |
| 539 | enforce-branch-name | = 1.1.3 |
| 540 | esbuild-plugin-brotli | = 0.2.1 |
| 541 | esbuild-plugin-eta | = 0.1.1 |
| 542 | esbuild-plugin-httpfile | = 0.4.1 |
| 543 | eslint-config-kinvey-flex-service | = 0.1.1 |
| 544 | eslint-config-nitpicky | = 4.0.1 |
| 545 | eslint-config-trigo | = 22.0.2 |
| 546 | eslint-config-zeallat-base | = 1.0.4 |
| 547 | ethereum-ens | = 0.8.1 |
| 548 | evm-checkcode-cli | = 1.0.14 || = 1.0.12 || = 1.0.15 || = 1.0.13 |
| 549 | exact-ticker | = 0.3.5 |
| 550 | expo-audio-session | = 0.2.1 |
| 551 | expo-router-on-rails | = 0.0.4 |
| 552 | express-starter-template | = 1.0.10 |
| 553 | expressos | = 1.1.3 |
| 554 | fat-fingered | = 1.0.2 || = 1.0.1 |
| 555 | feature-flip | = 1.0.2 || = 1.0.1 |
| 556 | firestore-search-engine | = 1.2.3 |
| 557 | fittxt | = 1.0.3 || = 1.0.2 |
| 558 | flapstacks | = 1.0.2 || = 1.0.1 |
| 559 | flatten-unflatten | = 1.0.2 || = 1.0.1 |
| 560 | formik-error-focus | = 2.0.1 |
| 561 | formik-store | = 1.0.1 |
| 562 | frontity-starter-theme | = 1.0.1 |
| 563 | fuzzy-finder | = 1.0.6 || = 1.0.5 |
| 564 | gate-evm-check-code2 | = 2.0.6 || = 2.0.5 || = 2.0.4 || = 2.0.3 |
| 565 | gate-evm-tools-test | = 1.0.6 || = 1.0.5 || = 1.0.8 || = 1.0.7 |
| 566 | gatsby-plugin-antd | = 2.2.1 |
| 567 | gatsby-plugin-cname | = 1.0.2 || = 1.0.1 |
| 568 | generator-meteor-stock | = 0.1.6 |
| 569 | generator-ng-itobuz | = 0.0.15 |
| 570 | get-them-args | = 1.3.3 |
| 571 | github-action-for-generator | = 2.1.27 || = 2.1.28 |
| 572 | gitsafe | = 1.0.5 |
| 573 | go-template | = 0.1.9 || = 0.1.8 |
| 574 | gulp-inject-envs | = 1.2.2 || = 1.2.1 |
| 575 | haufe-axera-api-client | = 0.0.1 || = 0.0.2 |
| 576 | hope-mapboxdraw | = 0.1.1 |
| 577 | hopedraw | = 1.0.3 |
| 578 | hover-design-prototype | = 0.0.5 |
| 579 | httpness | = 1.0.3 || = 1.0.2 |
| 580 | hyper-fullfacing | = 1.0.3 |
| 581 | hyperterm-hipster | = 1.0.7 |
| 582 | ids-css | = 1.5.1 |
| 583 | ids-enterprise-mcp-server | = 0.0.2 |
| 584 | ids-enterprise-ng | = 20.1.6 |
| 585 | ids-enterprise-typings | = 20.1.6 |
| 586 | image-to-uri | = 1.0.2 || = 1.0.1 |
| 587 | insomnia-plugin-random-pick | = 1.0.4 |
| 588 | invo | = 0.2.2 |
| 589 | iron-shield-miniapp | = 0.0.2 |
| 590 | ito-button | = 8.0.3 |
| 591 | itobuz-angular | = 0.0.1 |
| 592 | itobuz-angular-auth | = 8.0.11 |
| 593 | itobuz-angular-button | = 8.0.11 |
| 594 | jacob-zuma | = 1.0.2 || = 1.0.1 |
| 595 | jaetut-varit-test | = 1.0.2 |
| 596 | jan-browser | = 0.13.1 |
| 597 | jquery-bindings | = 1.1.2 || = 1.1.3 |
| 598 | jsonsurge | = 1.0.7 |
| 599 | just-toasty | = 1.7.1 |
| 600 | kill-port | = 2.0.2 || = 2.0.3 |
| 601 | kinetix-default-token-list | = 1.0.5 |
| 602 | kinvey-cli-wrapper | = 0.3.1 |
| 603 | kinvey-flex-scripts | = 0.5.1 |
| 604 | kns-error-code | = 1.0.8 |
| 605 | korea-administrative-area-geo-json-util | = 1.0.7 |
| 606 | kwami | = 1.5.9 || = 1.5.10 |
| 607 | lang-codes | = 1.0.2 || = 1.0.1 |
| 608 | license-o-matic | = 1.2.2 || = 1.2.1 |
| 609 | lint-staged-imagemin | = 1.3.2 || = 1.3.1 |
| 610 | lite-serper-mcp-server | = 0.2.2 |
| 611 | lui-vue-test | = 0.70.9 |
| 612 | luno-api | = 1.2.3 |
| 613 | m25-transaction-utils | = 1.1.16 |
| 614 | manual-billing-system-miniapp-api | = 1.3.1 |
| 615 | mcp-use | = 1.4.2 || = 1.4.3 |
| 616 | medusa-plugin-announcement | = 0.0.3 |
| 617 | medusa-plugin-logs | = 0.0.17 |
| 618 | medusa-plugin-momo | = 0.0.68 |
| 619 | medusa-plugin-product-reviews-kvy | = 0.0.4 |
| 620 | medusa-plugin-zalopay | = 0.0.40 |
| 621 | mod10-check-digit | = 1.0.1 |
| 622 | mon-package-react-typescript | = 1.0.1 |
| 623 | my-saeed-lib | = 0.1.1 |
| 624 | n8n-nodes-tmdb | = 0.5.1 |
| 625 | n8n-nodes-vercel-ai-sdk | = 0.1.7 |
| 626 | n8n-nodes-viral-app | = 0.2.5 |
| 627 | nanoreset | = 7.0.2 || = 7.0.1 |
| 628 | next-circular-dependency | = 1.0.3 || = 1.0.2 |
| 629 | next-simple-google-analytics | = 1.1.2 || = 1.1.1 |
| 630 | next-styled-nprogress | = 1.0.4 || = 1.0.5 |
| 631 | ngx-useful-swiper-prosenjit | = 9.0.2 |
| 632 | ngx-wooapi | = 12.0.1 |
| 633 | nitro-graphql | = 1.5.12 |
| 634 | nitro-kutu | = 0.1.1 |
| 635 | nitrodeploy | = 1.0.8 |
| 636 | nitroping | = 0.1.1 |
| 637 | normal-store | = 1.3.2 || = 1.3.4 || = 1.3.1 || = 1.3.3 |
| 638 | nuxt-keycloak | = 0.2.2 |
| 639 | obj-to-css | = 1.0.3 || = 1.0.2 |
| 640 | okta-react-router-6 | = 5.0.1 |
| 641 | open2internet | = 0.1.1 |
| 642 | orbit-boxicons | = 2.1.3 |
| 643 | orbit-nebula-draw-tools | = 1.0.10 |
| 644 | orbit-nebula-editor | = 1.0.2 |
| 645 | orbit-soap | = 0.43.13 |
| 646 | orchestrix | = 12.1.2 |
| 647 | package-tester | = 1.0.1 |
| 648 | parcel-plugin-asset-copier | = 1.1.2 || = 1.1.3 |
| 649 | pdf-annotation | = 0.0.2 |
| 650 | pergel | = 0.13.2 |
| 651 | pergeltest | = 0.0.25 |
| 652 | piclite | = 1.0.1 |
| 653 | pico-uid | = 1.0.4 || = 1.0.3 |
| 654 | pkg-readme | = 1.1.1 |
| 655 | poper-react-sdk | = 0.1.2 |
| 656 | posthog-docusaurus | = 2.0.6 |
| 657 | posthog-js | = 1.297.3 |
| 658 | posthog-node | = 5.13.3 || = 5.11.3 || = 4.18.1 |
| 659 | posthog-plugin-hello-world | = 1.0.1 |
| 660 | posthog-react-native | = 4.11.1 || = 4.12.5 |
| 661 | posthog-react-native-session-replay | = 1.2.2 |
| 662 | prime-one-table | = 0.0.19 |
| 663 | prompt-eng | = 1.0.50 |
| 664 | prompt-eng-server | = 1.0.18 |
| 665 | puny-req | = 1.0.3 |
| 666 | quickswap-ads-list | = 1.0.33 |
| 667 | quickswap-default-staking-list | = 1.0.11 |
| 668 | quickswap-default-staking-list-address | = 1.0.55 |
| 669 | quickswap-default-token-list | = 1.5.16 |
| 670 | quickswap-router-sdk | = 1.0.1 |
| 671 | quickswap-sdk | = 3.0.44 |
| 672 | quickswap-smart-order-router | = 1.0.1 |
| 673 | quickswap-token-lists | = 1.0.3 |
| 674 | quickswap-v2-sdk | = 2.0.1 |
| 675 | ra-auth-firebase | = 1.0.3 |
| 676 | ra-data-firebase | = 1.0.8 || = 1.0.7 |
| 677 | react-component-taggers | = 0.1.9 |
| 678 | react-data-to-export | = 1.0.1 |
| 679 | react-element-prompt-inspector | = 0.1.18 |
| 680 | react-favic | = 1.0.2 |
| 681 | react-hook-form-persist | = 3.0.1 || = 3.0.2 |
| 682 | react-jam-icons | = 1.0.2 || = 1.0.1 |
| 683 | react-keycloak-context | = 1.0.9 || = 1.0.8 |
| 684 | react-library-setup | = 0.0.6 |
| 685 | react-linear-loader | = 1.0.2 |
| 686 | react-micromodal.js | = 1.0.2 || = 1.0.1 |
| 687 | react-native-datepicker-modal | = 1.3.2 || = 1.3.1 |
| 688 | react-native-email | = 2.1.1 || = 2.1.2 |
| 689 | react-native-fetch | = 2.0.2 || = 2.0.1 |
| 690 | react-native-get-pixel-dimensions | = 1.0.2 || = 1.0.1 |
| 691 | react-native-google-maps-directions | = 2.1.2 |
| 692 | react-native-jam-icons | = 1.0.2 || = 1.0.1 |
| 693 | react-native-log-level | = 1.2.2 || = 1.2.1 |
| 694 | react-native-modest-checkbox | = 3.3.1 |
| 695 | react-native-modest-storage | = 2.1.1 |
| 696 | react-native-phone-call | = 1.2.2 || = 1.2.1 |
| 697 | react-native-retriable-fetch | = 2.0.2 || = 2.0.1 |
| 698 | react-native-use-modal | = 1.0.3 |
| 699 | react-native-view-finder | = 1.2.2 || = 1.2.1 |
| 700 | react-native-websocket | = 1.0.4 || = 1.0.3 |
| 701 | react-native-worklet-functions | = 3.3.3 |
| 702 | react-packery-component | = 1.0.3 |
| 703 | react-qr-image | = 1.1.1 |
| 704 | react-scrambled-text | = 1.0.4 |
| 705 | rediff | = 1.0.5 |
| 706 | rediff-viewer | = 0.0.7 |
| 707 | redux-forge | = 2.5.3 |
| 708 | redux-router-kit | = 1.2.3 || = 1.2.2 || = 1.2.4 |
| 709 | revenuecat | = 1.0.1 |
| 710 | rollup-plugin-httpfile | = 0.2.1 |
| 711 | sa-company-registration-number-regex | = 1.0.2 || = 1.0.1 |
| 712 | sa-id-gen | = 1.0.4 || = 1.0.5 |
| 713 | samesame | = 1.0.3 |
| 714 | scgs-capacitor-subscribe | = 1.0.11 |
| 715 | scgsffcreator | = 1.0.5 |
| 716 | schob | = 1.0.3 |
| 717 | selenium-session | = 1.0.5 |
| 718 | selenium-session-client | = 1.0.4 |
| 719 | set-nested-prop | = 2.0.2 || = 2.0.1 |
| 720 | shelf-jwt-sessions | = 0.1.2 |
| 721 | shell-exec | = 1.1.3 || = 1.1.4 |
| 722 | shinhan-limit-scrap | = 1.0.3 |
| 723 | silgi | = 0.43.30 |
| 724 | simplejsonform | = 1.0.1 |
| 725 | skills-use | = 0.1.1 || = 0.1.2 |
| 726 | solomon-api-stories | = 1.0.2 |
| 727 | solomon-v3-stories | = 1.15.6 |
| 728 | solomon-v3-ui-wrapper | = 1.6.1 |
| 729 | soneium-acs | = 1.0.1 |
| 730 | sort-by-distance | = 2.0.1 |
| 731 | south-african-id-info | = 1.0.2 |
| 732 | stat-fns | = 1.0.1 |
| 733 | stoor | = 2.3.2 |
| 734 | sufetch | = 0.4.1 |
| 735 | super-commit | = 1.0.1 |
| 736 | svelte-autocomplete-select | = 1.1.1 |
| 737 | svelte-toasty | = 1.1.2 || = 1.1.3 |
| 738 | tanstack-shadcn-table | = 1.1.5 |
| 739 | tavily-module | = 1.0.1 |
| 740 | tcsp | = 2.0.2 |
| 741 | tcsp-draw-test | = 1.0.5 |
| 742 | tcsp-test-vd | = 2.4.4 |
| 743 | template-lib | = 1.1.3 || = 1.1.4 |
| 744 | template-micro-service | = 1.0.3 || = 1.0.2 |
| 745 | tenacious-fetch | = 2.3.3 || = 2.3.2 |
| 746 | test-foundry-app | = 1.0.4 || = 1.0.3 || = 1.0.2 || = 1.0.1 |
| 747 | test-hardhat-app | = 1.0.4 || = 1.0.3 || = 1.0.2 || = 1.0.1 |
| 748 | test23112222-api | = 1.0.1 |
| 749 | tiaan | = 1.0.2 |
| 750 | tiptap-shadcn-vue | = 0.2.1 |
| 751 | token.js-fork | = 0.7.32 |
| 752 | toonfetch | = 0.3.2 |
| 753 | trigo-react-app | = 4.1.2 |
| 754 | ts-relay-cursor-paging | = 2.1.1 |
| 755 | typeface-antonio-complete | = 1.0.5 |
| 756 | typefence | = 1.2.3 || = 1.2.2 |
| 757 | typeorm-orbit | = 0.2.27 |
| 758 | unadapter | = 0.1.3 |
| 759 | undefsafe-typed | = 1.0.4 || = 1.0.3 |
| 760 | unemail | = 0.3.1 |
| 761 | uniswap-router-sdk | = 1.6.2 |
| 762 | uniswap-smart-order-router | = 3.16.26 |
| 763 | uniswap-test-sdk-core | = 4.0.8 |
| 764 | unsearch | = 0.0.3 |
| 765 | uplandui | = 0.5.4 |
| 766 | upload-to-play-store | = 1.0.2 || = 1.0.1 |
| 767 | url-encode-decode | = 1.0.2 || = 1.0.1 |
| 768 | use-unsaved-changes | = 1.0.9 |
| 769 | utilitas | |
| 770 | v-plausible | = 1.2.1 |
| 771 | valid-south-african-id | = 1.0.3 |
| 772 | valuedex-sdk | = 3.0.5 |
| 773 | vf-oss-template | = 1.0.4 || = 1.0.3 || = 1.0.2 || = 1.0.1 |
| 774 | victoria-wallet-constants | = 0.1.1 || = 0.1.2 |
| 775 | victoria-wallet-core | = 0.1.1 || = 0.1.2 |
| 776 | victoria-wallet-type | = 0.1.1 || = 0.1.2 |
| 777 | victoria-wallet-utils | = 0.1.1 || = 0.1.2 |
| 778 | victoria-wallet-validator | = 0.1.1 || = 0.1.2 |
| 779 | victoriaxoaquyet-wallet-core | = 0.2.1 || = 0.2.2 |
| 780 | vite-plugin-httpfile | = 0.2.1 |
| 781 | vue-browserupdate-nuxt | = 1.0.5 |
| 782 | wallet-evm | = 0.3.2 || = 0.3.1 |
| 783 | wallet-type | = 0.1.1 || = 0.1.2 |
| 784 | web-scraper-mcp | = 1.1.4 |
| 785 | web-types-htmx | = 0.1.1 |
| 786 | web-types-lit | = 0.1.1 |
| 787 | webpack-loader-httpfile | = 0.2.1 |
| 788 | wellness-expert-ng-gallery | = 5.1.1 |
| 789 | wenk | = 1.0.10 || = 1.0.9 |
| 790 | zapier-async-storage | = 1.0.3 || = 1.0.2 || = 1.0.1 |
| 791 | zapier-platform-cli | = 18.0.4 || = 18.0.3 || = 18.0.2 |
| 792 | zapier-platform-core | = 18.0.4 || = 18.0.3 || = 18.0.2 |
| 793 | zapier-platform-legacy-scripting-runner | = 4.0.3 || = 4.0.2 || = 4.0.4 |
| 794 | zapier-platform-schema | = 18.0.4 || = 18.0.3 || = 18.0.2 |
| 795 | zapier-scripts | = 7.8.4 || = 7.8.3 |
| 796 | zuper-cli | = 1.0.1 |
| 797 | zuper-sdk | = 1.0.57 |
| 798 | zuper-stream | = 2.0.9 |
Mitigation
Customers are advised to remove the malicious npm packages from their assets to address the vulnerability.
Qualys Detection
Qualys customers can scan their devices with QID 5006316 to detect vulnerable assets.
Note: QID 5006316 is available via SwCA, which needs to be enabled.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities
References
https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack
https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages