HTML All The Things - Web Development, Web Design, Small Business

Web News: The Shai‑Hulud Worm Attack (NPM Hack)



In this episode of Web News, Matt and Mike dive into two massive worm attacks that recently hit npm, targeting packages used in millions of projects. While the attackers aimed to steal crypto wallet keys, the actual damage was small—but the implications are enormous. We break down how these man-in-the-middle attacks worked, why shadow dependencies are such a big risk, and what tools like pnpm’s minimum release age can do to help. We also discuss whether AI might allow developers to skip quick one-time npm packages entirely, reducing dependency sprawl and potential vulnerabilities.

Show Notes: https://www.htmlallthethings.com/podcast/the-shai-hulud-worm-attack-npm-hack


HTML All The Things - Web Development, Web Design, Small Business
By Matt Lawrence and Mike Karan

4.8

46 ratings

