In this episode of Web News, Matt and Mike dive into two massive worm attacks that recently hit npm, targeting packages used in millions of projects. While the attackers aimed to steal crypto wallet keys, the actual damage was small—but the implications are enormous. We break down how these man-in-the-middle attacks worked, why shadow dependencies are such a big risk, and what tools like pnpm’s minimum release age can do to help. We also discuss whether AI might allow developers to skip quick one-time npm packages entirely, reducing dependency sprawl and potential vulnerabilities.
Show Notes: <a href='https://www.htmlallthethings.com/podcast/the-shai-hulud-worm-attack-npm-hack'>https://www.htmlallthethings.com/podcast/the-shai-hulud-worm-attack-npm-hack</a>

In this episode of Web News, Matt and Mike dive into two massive worm attacks that recently hit npm, targeting packages used in millions of projects. While the attackers aimed to steal crypto wallet keys, the actual damage was small—but the implications are enormous. We break down how these man-in-the-middle attacks worked, why shadow dependencies are such a big risk, and what tools like pnpm’s minimum release age can do to help. We also discuss whether AI might allow developers to skip quick one-time npm packages entirely, reducing dependency sprawl and potential vulnerabilities. Show Notes: https://www.htmlallthethings.com/podcast/the-shai-hulud-worm-attack-npm-hack

In this episode of Web News, Matt and Mike dive into two massive worm attacks that recently hit npm, targeting packages used in millions of projects. While the attackers aimed to steal crypto wallet keys, the actual damage was small—but the implications are enormous. We break down how these man-in-the-middle attacks worked, why shadow dependencies are such a big risk, and what tools like pnpm’s minimum release age can do to help. We also discuss whether AI might allow developers to skip quick one-time npm packages entirely, reducing dependency sprawl and potential vulnerabilities.
Show Notes: <a href="https://www.htmlallthethings.com/podcast/the-shai-hulud-worm-attack-npm-hack" rel="noopener noreferrer">https://www.htmlallthethings.com/podcast/the-shai-hulud-worm-attack-npm-hack</a>

Web News: The Shai‑Hulud Worm Attack (NPM Hack)

HTML All The Things is a podcast for developers navigating the modern web industry.
Hosted by web development agency owners Matt Lawrence and Mike Karan, the show explores web development, AI-driven industry shifts, and the realities of building a sustainable career in tech.
Matt and Mike discuss foundational technologies like HTML, CSS, and JavaScript along with modern tools and frameworks such as Svelte, Vue, WordPress, React, and Tailwind. But beyond the code, the show also dives into freelancing, running a web agency, dealing with clients, and how developers can stay competitive as the industry evolves.
If you're a developer who wants to sharpen your technical skills, understand where the industry is heading, and build long-term leverage in your career or business, this podcast is for you.

News

Technology

Education

How To

Tech News

HTML All The Things is a podcast for developers navigating the modern web industry. Hosted by web development agency owners Matt Lawrence and Mike Karan, the show explores web development, AI-driven industry shifts, and the realities of building a sustainable career in tech. Matt and Mike discuss foundational technologies like HTML, CSS, and JavaScript along with modern tools and frameworks such as Svelte, Vue, WordPress, React, and Tailwind. But beyond the code, the show also dives into freelancing, running a web agency, dealing with clients, and how developers can stay competitive as the industry evolves. If you're a developer who wants to sharpen your technical skills, understand where the industry is heading, and build long-term leverage in your career or business, this podcast is for you.

Share Web News: The Shai‑Hulud Worm Attack (NPM Hack)

Sign up to save your podcasts

Web News: The Shai‑Hulud Worm Attack (NPM Hack)

Web News: The Shai‑Hulud Worm Attack (NPM Hack)

More shows like HTML All The Things - Web Development, AI, and Developer Careers

The Joe Rogan Experience

The Changelog: Software Development, Open Source

The Side Hustle Show

Software Engineering Daily

JavaScript Jabber

This Past Weekend w/ Theo Von

JavaScript Jabber

Syntax - Tasty Web Development Treats

The freeCodeCamp Podcast

PodRocket

Whiskey Web and Whatnot

Develop Yourself

The Startup Ideas Podcast

WEAPONIZED with Jeremy Corbell & George Knapp

Front-End Fire