In this episode, host Mackenzie Jackson is joined by Charlie Erikson and Daniel Pereira to uncover the story of Shai-Hulud — a self-propagating worm that shook the NPM ecosystem. Like the great sandworm of Arrakis, it surfaced suddenly, exfiltrating secrets and spreading through unsuspecting packages.Daniel recounts his discovery and the frustrating desert-like silence from major platforms as he tried to raise the alarm. Charlie dives into the worm’s anatomy, from environment variable theft to GitHub action exploits, showing how attackers evolved their tactics from the earlier NX breach.Together, they reflect on what it takes to fight worms in the shifting sands of open source, and why the community needs faster ways to respond before the next Shai-Hulud emerges.