Syntax - Tasty Web Development Treats

1004: TanHacked



Scott and Wes break down the “Mini Shai-Hulud” supply chain attack that compromised TanStack and other popular npm packages through a clever GitHub Actions cache poisoning exploit. The payload was a self-propagating worm that stole credentials and persisted through Claude Code hooks and VS Code tasks. They also cover how developers can protect themselves using pnpm’s security defaults, dev containers, and other practical defenses.

Show Notes
  • 00:00 Welcome to Syntax!
  • 00:25 Understanding the Shai-Hulud Worm
    • Post Mortem of Shai Hulud Attack
  • 02:47 Mechanics of the Attack: GitHub Actions and Cache
    • How the attack happened
    • Who Was Involved in the Attack
    • Several npm latest releases are compromised
    • Socket.dev
    • Step Security
  • 05:44 Brought to you by Sentry.io
  • 06:09 Propagation and Impact of the Worm
  • 09:30 Preventative Measures for Developers
    • Dead Man’s Switch
  • 12:33 The Role of Package Managers in Security
    • Block Exotic Subdeps
  • 18:39 Using Dev Containers
    • Why You Should Use Dev Containers
    • Scott Tolinski’s Security Review
  • 20:57 Conclusion and Final Thoughts
    • Sentry has Skills!
    • Hit us up on Socials!

Syntax - Tasty Web Development Treats, by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
