threat intelligence

Return of Shai-Hulud: The “Second Coming” of the NPM Supply Chain Compromise

This blog walks through the malicious code present in the second iteration of the Shai-Hulud compromise.

Pulsedive Threat Research

26 Nov 2025 • 33 min read

💡

For our previous blog on Shai-Hulud, please click here.

💡

Artifacts from this blog are available within our GitHub Repository.

On November 24, 2025, multiple security vendors reported a new Shai-Hulud campaign that compromised several popular npm packages. The compromised packages include those from Zapier, ENS Domains, PostHog, and Postman. Researchers from Wiz and Aikido identified that the malicious packages were added to NPM between November 21 and 23, 2025. The compromise results in a GitHub repository containing stolen information. GitHub has been removing repositories; however, as of 15:00 EST on November 25, 2025, some remain accessible.

https://t.co/wljoG10P3o
— Amjad Masad (@amasad) November 24, 2025

This blog will walk through the malicious code present in the second iteration of the Shai-Hulud compromise.

How Does the Compromise Work?

The malicious versions of the NPM packages contained two files called setup_bun.js and bun_environment.js. These were made to look like the package was introducing the Bun runtime, which is a JavaScript runtime environment, package manager, and test runner. According to researchers at HelixGuard, the setup_bun.js file contains code that masquerades as Bun setup code and invokes the bun_environment.js file.

Figure 1: Content of `setup_bun.js`. Source: HelixGuard

The bun_environment.js file is an obfuscated JavaScript file, around 10 MB in size, that contains code for collecting secrets and exfiltrating information.

Figure 2: File size of `bun_environment.js`

Figure 3: Content of `bun_environment.js`

The malicious code attempts to add workflows to the infected machines. One such workflow is .github/workflows/discussion.yaml, which executes commands by opening a discussion in the GitHub repo.

The malicious code collects information about the system and collects secrets from AWS, GCP, and Azure.

Figure 5: References to system checks and cloud secret collections in `bun_environment.js`.

The collected content is double base64-encoded before being added to the public GitHub repo. Reporting from socket.dev states that the exfiltrated content was triple base64-encoded and that some repositories also contained a file called actionSecrets.json. This file was not present in the repositories we reviewed, but scanners for Sha1-Hulud reference it.

Propagation is similar to that seen in the first campaign. Once the worm identifies a valid NPM token, it fetches the maintainer’s package (limited to 100 packages) and updates each package using the updatePackage() function.

The updatePackage() function adds the setup_bun.js and bun_environment.js files to the package, updates the package.json file to add the preinstall script, and increments the patch version before publishing the compromised version.

Socket.dev also reported on the destructive capabilities of the worm. If the worm cannot find a GitHub token or an NPM token, it attempts to delete files. For Windows environments, the worm uses cmd.exe to delete all files in %USERPROFILE% (the current user’s profile directory) and overwrites the free space using the cipher /w command. This command overwrites deleted data in a drive's free space, making it unrecoverable.

Figure 6: File Deletion Code. Source: socket.dev

In Linux or macOS environments, the worm finds all of a user’s writable files and overwrites them with the shred command before deleting the empty directories.

Figure 7: Linux man page for the `shred` command. Source: Linux

Scope of Compromise

The worm creates a GitHub repository with the description Sha1-Hulud: The Second Coming. These repositories contain exfiltrated data. As of 19:45 EST on November 24, 2025, approximately 22,600 GitHub repositories had the description Sha1-Hulud: The Second Coming.

Figure 8: Search results on GitHub for repositories containing the phrase *`Sha1-Hulud: The Second Coming`*

Each of these repositories contain .json files with base64-encoded data. The files included in the repository are:

cloud.json
contents.json
environment.json

Some repositories also had a file called truffleSecrets.json.

Exfiltrated Information

cloud.json

The cloud.json file contains any secrets extracted from AWS, GCP, and Azure. The content is double base64-encoded, and the decoded text is a JSON object.

contents.json

The contents.json file contains information about the system, including operating system, architecture, user details, and GitHub account details. The content is double base64-encoded, and the decoded text is a JSON object.

environment.json

The environment.json file contains build information. The content is double base64-encoded, and the decoded text is a JSON object.

{
  "environment": {
    "SHELL": "/bin/bash",
    "npm_command": "install",
    "REPOSOLNS_HELM_RELEASE_REPO": "https://helm.ci.artifacts.walmart.com/artifactory/ret-marketplace-helm-prod-local",
    "LOOPER_TARGET_BRANCH": "AGAction",
    "TASK_LOG_SIZE_LIMIT": "500000000",
    "LOOPER_SCM_OWNER_ID": "RET-Marketplace",
    "ak_Password": "<redacted>",
    "npm_package_dev_optional": "",
    "npm_config_loglevel": "verbose",
    "GITHUB_BRANCH_SHORT_DESC": "GitHub branch AGAction: Branch build",
    "no_proxy": ".us.wal-mart.com,localhost,127.0.0.1,dev.walmart.com,cdn.cocoapods.org,*-keystone-endpoint.prod.walmart.com,cdn.jsdelivr.net,slack.com,*.blob.core.windows.net,mockDeliveryUrl,ondemand.saucelabs.com,jira.walmart.com*.prod.us.walmart.net,*.googleapis.com,euclid.azurecr.io,*xmatters.com,sandbox-cluboperations-claims.azurewebsites.net,accounts.google.com,usgta*.wal-mart.com,metadata.google.*,cloud.google.com,ossindex.sonatype.org,*.azure-api.net,*dev-transpo-fresh-pullforward-aggregator.azurewebsites.net/actuator/health,*samsclub.riversand.com*,sb.scorecardresearch.com,i.imgur.com,kafka-local-landoop,mock-server,vault,postgresql,active-mq,phonehome.hazelcast.com,*.azurewebsites.net,login.microsoftonline.com,dc.services.visualstudio.com,marketplace.walmartapis.com,*.saucelabs.com,blob.core.windows.net,file.appcenter.ms,testburst.walmart.com,tnest.walmart.com,gcr.io",
    "ALLOW_NUGET_PUSH_TO_AF": "true",
    "TRACK": "walmartUS",
    "RUN_TESTS_DISPLAY_URL": "https://runner-1-2175078775.<redacted>pro-prod-runner02.prod-ndc23.prod.walmart.com/job/Feature-MultiBranch-PWT/job/AGAction/22/display/redirect?page=tests",
    "REPOSOLNS_GENERIC_REPO": "https://generic.ci.artifacts.walmart.com/artifactory/ret-marketplace-generic",
    "REPOSOLNS_PYPI_REPO": "https://pypi.ci.artifacts.walmart.com/artifactory/api/pypi/ret-marketplace-pypi",
    "LOOPER_SLAVE": "<redacted>pro-prod-agent110-17",
    "GITHUB_REPO_GIT_URL": "git://gecgithub01.walmart.com/RET-Marketplace/mp-coee-pwt.git",
    "REPOSOLNS_PYPI_RELEASE_REPO": "https://pypi.ci.artifacts.walmart.com/artifactory/api/pypi/ret-marketplace-pypi-prod-local",
    "npm_package_integrity": "sha512-8tLdJQAFOYmmAkXI5ADBsNz+qbB4HbkKcPSREn3Fl11SAH9ogM6j7qd7q4XUp4lY/Re47PXEN3XJKXDKOivIDg==",
    "server": "runner-1-2175078775.<redacted>pro-prod-runner02.prod-ndc23.prod.walmart.com",
    "REPOSOLNS_NPM_BASEURL": "https://npm.ci.artifacts.walmart.com/artifactory/api/npm",
    "NPM_CONFIG_CACHE": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/.npm",
    "NODE": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/nodejs-22.1.0/bin/node",
    "JENKINS_SERVER_COOKIE": "cad2bf9e97974601",
    "JAVA_HOME": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/jdk-1.8.0_161-b12",
    "GITHUB_REPO_SSH_URL": "git@gecgithub01.walmart.com:RET-Marketplace/mp-coee-pwt.git",
    "Timeout": "360000",
    "NODE_EXTRA_CA_CERTS": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/provenance-0.44.0/var/work/proxy-cacerts.pem",
    "REPOSOLNS_SBT_SNAPSHOT_REPO": "https://sbt.ci.artifacts.walmart.com/artifactory/ret-marketplace-sbt-snapshots-local",
    "TRIGGER_TARGET_BRANCH": "AGAction",
    "PROVENANCE_CACERT_PEM": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/provenance-0.44.0/var/work/proxy-cacerts.pem",
    "PROXIMITY_MVN_RELEASE": "https://repository.walmart.com/content/groups/public/",
    "RUN_CHANGES_DISPLAY_URL": "https://runner-1-2175078775.<redacted>pro-prod-runner02.prod-ndc23.prod.walmart.com/job/Feature-MultiBranch-PWT/job/AGAction/22/display/redirect?page=changes",
    "COLOR": "0",
    "npm_config_local_prefix": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws",
    "LOOPER_EXECUTOR": "0",
    "REPOSOLNS_NPM_SNAPSHOT_REPO": "https://npm.ci.artifacts.walmart.com/artifactory/api/npm/ret-marketplace-npm",
    "PROVENANCE_HOSTNAME": "agent-17-2154463403.<redacted>pro-prod-agent110.edc02.prod.walmart.com",
    "NPM_CONFIG_REGISTRY": "https://npm.ci.artifacts.walmart.com/artifactory/api/npm/ret-marketplace-npm/",
    "npm_config_globalconfig": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/nodejs-22.1.0/globalconfig",
    "REPOSOLNS_MVN_REPO": "https://mvn.ci.artifacts.walmart.com/artifactory/ret-marketplace-mvn",
    "REPOSOLNS_DOCKER_REPONAME": "ret-marketplace-docker",
    "EDITOR": "vi",
    "REPOSOLNS_MVN_SNAPSHOT_REPO": "https://mvn.ci.artifacts.walmart.com/artifactory/ret-marketplace-mvn-snapshots-local",
    "ENV": "qa",
    "MART_UPPER": "",
    "HUDSON_HOME": "/<redacted>/<redacted>-workspace",
    "PWD": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws/node_modules/@postman/tunnel-agent",
    "LOGNAME": "<redacted>",
    "NODEJS_HOME": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/nodejs-22.1.0",
    "GIT_SSL_CAINFO1": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/provenance-0.44.0/var/work/proxy-cacerts.pem",
    "PROXIMITY_MVN_SNAPSHOT": "https://repository.walmart.com/content/groups/public_snapshots/",
    "BUILD_URL": "https://runner-1-2175078775.<redacted>pro-prod-runner02.prod-ndc23.prod.walmart.com/job/Feature-MultiBranch-PWT/job/AGAction/22/",
    "SLACK_CHANNEL": "",
    "ALLOW_NPM_PUSH_TO_AF": "true",
    "PROVENANCE_HOME": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/provenance-0.44.0",
    "NPM_HOME": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/npm-10.7.0",
    "GITHUB_BRANCH_URL": "https://gecgithub01.walmart.com/RET-Marketplace/mp-coee-pwt",
    "REPOSOLNS_DOCKER_SNAPSHOT_REPONAME": "ret-marketplace-docker-snapshots-local",
    "JOB_URL": "https://runner-1-2175078775.<redacted>pro-prod-runner02.prod-ndc23.prod.walmart.com/job/Feature-MultiBranch-PWT/job/AGAction/",
    "npm_package_dev": "",
    "npm_config_init_module": "/mnt/<redacted>/.npm-init.js",
    "BUILD_NUMBER": "22",
    "SYSTEMD_EXEC_PID": "2414440",
    "GIT_COMMITTER_NAME": "SVC-ciad-prod1",
    "ALLOW_ARTIFACTORY": "true",
    "LOOPER_AGENT_LABELS": "ASSEMBLY-<redacted>pro-prod-agent110, CLOUD-prod-edc02, docker-daemon, linux, <redacted>pro-prod-agent110, <redacted>pro-prod-agent110-17",
    "_": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/nodejs-22.1.0/bin/node",
    "PROXIMITY_MVN_REPO": "https://repository.walmart.com/content/groups/public",
    "REPOSOLNS_SBT_REPO": "https://sbt.ci.artifacts.walmart.com/artifactory/ret-marketplace-sbt",
    "REPOSOLNS_PYPI_SNAPSHOT_REPO": "https://pypi.ci.artifacts.walmart.com/artifactory/api/pypi/ret-marketplace-pypi-snapshots-local",
    "LOOPER_AGENT": "<redacted>pro-prod-agent110-17",
    "MAIL_TO": "",
    "BUILD_DISPLAY_NAME": "#22",
    "HOME": "/mnt/<redacted>",
    "npm_package_peer": "",
    "LANG": "en-US",
    "REPOSOLNS_SBT_RELEASE_REPO": "https://sbt.ci.artifacts.walmart.com/artifactory/ret-marketplace-sbt-prod-local",
    "WORKDIR": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws",
    "DataProvider": "false",
    "TRIM_TASK_LOG": "false",
    "TRIGGER_BRANCH": "AGAction",
    "npm_package_version": "0.6.7",
    "LOOPER_SLAVE_LABELS": "ASSEMBLY-<redacted>pro-prod-agent110, CLOUD-prod-edc02, docker-daemon, linux, <redacted>pro-prod-agent110, <redacted>pro-prod-agent110-17",
    "REPOSOLNS_VIRTUAL_DEFAULT_DEPLOYMENT": "-prod-local",
    "REPOSOLNS_DOCKER_RELEASE_REPONAME": "ret-marketplace-docker-prod-local",
    "LOOPER_TRIGGER": "USER",
    "REPOSOLNS_NPM_RELEASE_REPO": "https://npm.ci.artifacts.walmart.com/artifactory/api/npm/ret-marketplace-npm-prod-local",
    "SEND_SLACK": "false",
    "REPOSOLNS_FQDN_CI": "ci.artifacts.walmart.com",
    "npm_config_proxy": "http://10.167.213.150:43754",
    "JENKINS_URL": "https://runner-1-2175078775.<redacted>pro-prod-runner02.prod-ndc23.prod.walmart.com/",
    "npm_package_resolved": "https://npm.ci.artifacts.walmart.com:443/artifactory/api/npm/ret-marketplace-npm/@postman/tunnel-agent/-/tunnel-agent-0.6.7.tgz",
    "JOB_BASE_NAME": "AGAction",
    "GITHUB_BRANCH_CAUSE_SKIP": "false",
    "REPOSOLNS_DOCKER_SERVER": "docker.ci.artifacts.walmart.com",
    "REPOSOLNS_SCALA_REPO": "https://sbt.ci.artifacts.walmart.com/artifactory/ret-marketplace-sbt",
    "https_proxy": "http://10.167.213.150:43754",
    "JOB_NAME": "Feature-MultiBranch-PWT/AGAction",
    "IS_ENV_PREPPED": "true",
    "REPOSOLNS_MVN_RELEASE": "https://mvn.ci.artifacts.walmart.com/artifactory/ret-marketplace-mvn",
    "LOOPER_SONAR_TEST_URL": "https://sonar<redacted>producer.walmart.com/<redacted>-sonar-results",
    "INVOCATION_ID": "f834301562964d4eba8eb58e8204315f",
    "RUN_DISPLAY_URL": "https://runner-1-2175078775.<redacted>pro-prod-runner02.prod-ndc23.prod.walmart.com/job/Feature-MultiBranch-PWT/job/AGAction/22/display/redirect",
    "CHROMEDRIVER_CDNURL": "http://gec-maven-nexus.walmart.com/nexus/repository/googleapis-storage/chromedriver",
    "REPOSOLNS_NPM_REPO": "https://npm.ci.artifacts.walmart.com/artifactory/api/npm/ret-marketplace-npm",
    "LOOPER_SCM_URL": "https://gecgithub01.walmart.com/RET-Marketplace/mp-coee-pwt.git",
    "GIT_AUTHOR_EMAIL": "SVC-ciad-prod1@walmart.com",
    "REPOSOLNS_MVN_SNAPSHOT": "https://mvn.ci.artifacts.walmart.com/artifactory/ret-marketplace-mvn-snapshots-local",
    "LOOPER_FLOW": "init",
    "secret": "dde38c953e6fe119ebde4be3321ee547038ec555c4e9e5e9cc30b9a309a59383",
    "LOOPER_FLOW_TYPE": "BRANCH",
    "REPOSOLNS_GENERIC_SNAPSHOT_REPO": "https://generic.ci.artifacts.walmart.com/artifactory/ret-marketplace-generic-snapshots-local",
    "Project": "feature",
    "GITHUB_BRANCH_TITLE": "",
    "JOB_DISPLAY_URL": "https://runner-1-2175078775.<redacted>pro-prod-runner02.prod-ndc23.prod.walmart.com/job/Feature-MultiBranch-PWT/job/AGAction/display/redirect",
    "INIT_CWD": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws",
    "reposolnsPrepEnvStepOptions": "{{maxRetries = 3, timeout = 10, waitTime = 3, afUrl = 'https://ci.artifacts.walmart.com/artifactory/api/plugins/execute/EnvVariablesMap?params=org=_{LOOPER_SCM_OWNER_ID.toLowerCase()};type=properties'}}",
    "reposolnsUsername": "reposolns",
    "WORKSPACE": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws",
    "npm_lifecycle_script": "node setup_bun.js",
    "LOOPER_JOB_TYPE": "multibranch",
    "LOOPER_YAML_LOCATION": ".<redacted>Feature.yml",
    "GIT_PREVIOUS_COMMIT": "5595cbd56d1df1f15d859f5535d5c157f26b81df",
    "reposolns_context": "{{id = prod, access_tokens = {ci_write = {credentials_id = reposolns_vault_ci_write_creds_prod, token_id = reposolns_vault_ci_write_token_prod, url = https://akeyless.gw.prod.glb.us.walmart.net:8080, path = \"_{reposolns_context.id.replaceFirst('prod', '').replaceFirst('^(qa|stg)$', 'Non-')}Prod/reposolns/#{reposolns_context.id}/ci_write/_{LOOPER_SCM_OWNER_ID.toLowerCase()}\", af_username = reposolns, access_id = 'p-8dydleky17zq', access_type = ldap}}, technologies = [{access_token_id = ci_write, reference_id = docker.ci.artifacts.walmart.com, type = docker}, {access_token_id = ci_write, reference_id = 'docker.ci.artifacts.#{reposolns_context.id}.walmart.com', type = docker}, {access_token_id = ci_write, reference_id = 'af-snapshot', type = maven}, {access_token_id = ci_write, reference_id = 'af-release', type = maven}], environment = {REPOSOLNS_FQDN_CI = ci.artifacts.walmart.com, REPOSOLNS_URL = 'https://#{REPOSOLNS_FQDN_CI}/artifactory'}}}",
    "SONAR_SCANNER_OPTS1": "-Djavax.net.ssl.trustStore=/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/provenance-0.44.0/var/work/proxy-cacerts.jks -Djavax.net.ssl.trustStorePassword=foobar",
    "HUDSON_URL": "https://runner-1-2175078775.<redacted>pro-prod-runner02.prod-ndc23.prod.walmart.com/",
    "npm_package_optional": "",
    "REPOSOLNS_PYPI_BASEURL": "https://pypi.ci.artifacts.walmart.com/artifactory/api/pypi",
    "npm_config_npm_version": "10.7.0",
    "CURLOPT_CAPATH1": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/provenance-0.44.0/var/work/proxy-cacerts.pem",
    "GITHUB_BRANCH_FULL_REF": "refs/heads/AGAction",
    "GIT_COMMITTER_EMAIL": "SVC-ciad-prod1@walmart.com",
    "npm_package_name": "@postman/tunnel-agent",
    "GITHUB_BRANCH_NAME": "AGAction",
    "NODE_NAME": "<redacted>pro-prod-agent110-17",
    "LOOPER_RUN_ID": "03bd94b0-6650-4c5c-90c0-0c883b7746c6",
    "npm_config_prefix": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/nodejs-22.1.0",
    "GITHUB_BRANCH_HEAD_SHA": "16f766887ffda24e6cf41bbb3d900ada4aa1d881",
    "LOOPER_NAME": "Feature-MultiBranch-PWT/AGAction",
    "USER": "<redacted>",
    "npm_config_http_proxy": "http://sysproxy.wal-mart.com:8080",
    "JAVA_TOOL_OPTIONS": "-Dhttp.useProxy=true -Dhttps.useProxy=true -Dhttp.proxyHost=10.167.213.150 -Dhttp.proxyPort=43754 -Dhttps.proxyHost=10.167.213.150 -Dhttps.proxyPort=43754 -Dhttp.nonProxyHosts='localhost|127.0.0.1|cdn.cocoapods.org|*-keystone-endpoint.prod.walmart.com|cdn.jsdelivr.net|slack.com|*.blob.core.windows.net|mockDeliveryUrl|*.saucelabs.com|jira.walmart.com|*.prod.us.walmart.net|*.googleapis.com|euclid.azurecr.io|*xmatters.com|sandbox-cluboperations-claims.azurewebsites.net|accounts.google.com|usgta*.wal-mart.com|metadata.google.*|cloud.google.com|*ossindex.sonatype.org*|*.azure-api.net|sb.scorecardresearch.com|i.imgur.com|kafka-local-landoop|mock-server|vault|postgresql|active-mq|phonehome.hazelcast.com|*.azurewebsites.net|login.microsoftonline.com|dc.services.visualstudio.com|marketplace.walmartapis.com|*.saucelabs.com|blob.core.windows.net|file.appcenter.ms|testburst.walmart.com|tnest.walmart.com|gcr.io'",
    "NO_PROXY": ".us.wal-mart.com,localhost,127.0.0.1,dev.walmart.com,cdn.cocoapods.org,*-keystone-endpoint.prod.walmart.com,cdn.jsdelivr.net,slack.com,*.blob.core.windows.net,mockDeliveryUrl,ondemand.saucelabs.com,jira.walmart.com,*.prod.us.walmart.net,*.googleapis.com,euclid.azurecr.io,*xmatters.com,sandbox-cluboperations-claims.azurewebsites.net,accounts.google.com,usgta*.wal-mart.com,metadata.google.*,cloud.google.com,ossindex.sonatype.org,*.azure-api.net,*dev-transpo-fresh-pullforward-aggregator.azurewebsites.net/actuator/health,*samsclub.riversand.com*,sb.scorecardresearch.com,i.imgur.com,kafka-local-landoop,mock-server,vault,postgresql,active-mq,phonehome.hazelcast.com,*.azurewebsites.net,login.microsoftonline.com,dc.services.visualstudio.com,marketplace.walmartapis.com,*.saucelabs.com,blob.core.windows.net,file.appcenter.ms,testburst.walmart.com,tnest.walmart.com,gcr.io",
    "REPOSOLNS_HELM_SNAPSHOT_REPO": "https://helm.ci.artifacts.walmart.com/artifactory/ret-marketplace-helm-snapshots-local",
    "EmailReport": "false",
    "HUDSON_SERVER_COOKIE": "cad2bf9e97974601",
    "PHANTOMJS_CDNURL": "http://gec-maven-nexus.walmart.com/nexus/repository/PhantomJS",
    "TestAPPType": "UI",
    "REPOSOLNS_DOCKER_REPO": "ret-marketplace-docker",
    "NPM_CONFIG_USERCONFIG": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/nodejs-22.1.0/userconfig",
    "MART": "us",
    "proxy": "com.walmartlabs.<redacted>.engine.tools.ProxyConfig@56276214",
    "NPM_CONFIG_GLOBALCONFIG": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/nodejs-22.1.0/globalconfig",
    "NPM_REGISTRY_VARIANCE": "0",
    "npm_lifecycle_event": "preinstall",
    "APP_NAME": "ONDEMAND",
    "GIT_URL": "https://gecgithub01.walmart.com/RET-Marketplace/mp-coee-pwt.git",
    "SHLVL": "1",
    "BUILD_TAG": "jenkins-Feature-MultiBranch-PWT-AGAction-22",
    "SSL_CERT_FILE1": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/provenance-0.44.0/var/work/proxy-cacerts.pem",
    "HTTPS_PROXY": "http://10.167.213.150:43754",
    "PRIVATE_NPM_REGISTRY": "https://npm.ci.artifacts.walmart.com/artifactory/api/npm/ret-marketplace-npm/",
    "HTTP_PROXY": "http://10.167.213.150:43754",
    "EXECUTOR_NUMBER": "0",
    "reposolnsPassword": "<redacted>",
    "NPM_REGISTRY_PRIMARY": "https://npm.ci.artifacts.walmart.com/artifactory/api/npm/ret-marketplace-npm/",
    "TEST_RESULT": "false",
    "TRIGGER_REFSPEC": "+refs/heads/AGAction:refs/remotes/origin/AGAction",
    "REPOSOLNS_MVN_RELEASE_REPO": "https://mvn.ci.artifacts.walmart.com/artifactory/ret-marketplace-mvn-prod-local",
    "http_proxy": "http://10.167.213.150:43754",
    "JENKINS_HOME": "/<redacted>/<redacted>-workspace",
    "npm_config_user_agent": "npm/10.7.0 node/v22.1.0 linux x64 workspaces/false ci/jenkins",
    "npm_execpath": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/npm-10.7.0/node_modules/npm/bin/npm-cli.js",
    "CLASSPATH": "",
    "npm_config_strict_ssl": "",
    "NODE_PATH": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/npm-10.7.0/node_modules",
    "REQUESTS_CA_BUNDLE": "/etc/ssl/certs/ca-certificates.crt",
    "GIT_SSL_CAPATH1": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/provenance-0.44.0/var/work/proxy-cacerts.pem",
    "npm_package_json": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws/node_modules/@postman/tunnel-agent/package.json",
    "CODEGATE_JAR": "/mnt/<redacted>/tools/codegate/codegate-2.1003.11/codegate-2.1003.11-shaded.jar",
    "BASEDIR": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws",
    "GIT_COMMIT": "16f766887ffda24e6cf41bbb3d900ada4aa1d881",
    "NODE_LABELS": "ASSEMBLY-<redacted>pro-prod-agent110 CLOUD-prod-edc02 docker-daemon linux <redacted>pro-prod-agent110 <redacted>pro-prod-agent110-17",
    "Workers": "5",
    "JOURNAL_STREAM": "8:1438904637",
    "agent_name": "<redacted>pro-prod-agent110-17",
    "GIT_AUTHOR_NAME": "SVC-ciad-prod1",
    "REPOSOLNS_PYPI_URL": "https://pypi.ci.artifacts.walmart.com/artifactory/api/pypi",
    "npm_config_noproxy": "",
    "PATH": "/mnt/<redacted>/.bun/bin:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws/node_modules/@postman/tunnel-agent/node_modules/.bin:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws/node_modules/@postman/node_modules/.bin:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws/node_modules/node_modules/.bin:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/ws/node_modules/.bin:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/node_modules/.bin:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/node_modules/.bin:/mnt/<redacted>/workspace/node_modules/.bin:/mnt/<redacted>/node_modules/.bin:/mnt/node_modules/.bin:/node_modules/.bin:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/npm-10.7.0/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/npm-10.7.0/node_modules/.bin:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/jdk-1.8.0_161-b12/bin:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/npm-10.7.0:/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/nodejs-22.1.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin",
    "ENV_UPPER": "",
    "npm_config_node_gyp": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/npm-10.7.0/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js",
    "SQUAD": "GlobalMarketplace",
    "GIT_LOCAL_BRANCH": "AGAction",
    "REPOSOLNS_HELM_REPO": "https://helm.ci.artifacts.walmart.com/artifactory/ret-marketplace-helm",
    "CI": "true",
    "RUN_ARTIFACTS_DISPLAY_URL": "https://runner-1-2175078775.<redacted>pro-prod-runner02.prod-ndc23.prod.walmart.com/job/Feature-MultiBranch-PWT/job/AGAction/22/display/redirect?page=artifacts",
    "LOOPER_SHORT_NAME": "AGAction",
    "RUN_ID": "MPCOEE_AGAction-22",
    "taskId": "13",
    "npm_config_global_prefix": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/nodejs-22.1.0",
    "ARTIFACTORY_NPM_UPDATED": "true",
    "ak_Username": "SVC-MPCOEE-TEST1",
    "SHIELD_ONBOARDED": "false",
    "BRANCH_NAME": "AGAction",
    "GIT_BRANCH": "AGAction",
    "BUILD_ID": "22",
    "vault": "com.walmartlabs.<redacted>.engine.scopes.TypedSecrets@79a3d32d[credentials={ci_write=com.walmartlabs.<redacted>.engine.scopes.TypedSecrets$UsernamePassword@46a93cbf[username=reposolns,password=*******,type=username_password]},envs={REPOSOLNS_NPM_SNAPSHOT_REPO=https://npm.ci.artifacts.walmart.com/artifactory/api/npm/ret-marketplace-npm, REPOSOLNS_PYPI_REPO=https://pypi.ci.artifacts.walmart.com/artifactory/api/pypi/ret-marketplace-pypi, REPOSOLNS_SBT_SNAPSHOT_REPO=https://sbt.ci.artifacts.walmart.com/artifactory/ret-marketplace-sbt-snapshots-local, REPOSOLNS_HELM_REPO=https://helm.ci.artifacts.walmart.com/artifactory/ret-marketplace-helm, REPOSOLNS_DOCKER_REPO=ret-marketplace-docker, REPOSOLNS_FQDN_CI=ci.artifacts.walmart.com, REPOSOLNS_MVN_RELEASE_REPO=https://mvn.ci.artifacts.walmart.com/artifactory/ret-marketplace-mvn-prod-local, REPOSOLNS_URL=https://ci.artifacts.walmart.com/artifactory, REPOSOLNS_HELM_SNAPSHOT_REPO=https://helm.ci.artifacts.walmart.com/artifactory/ret-marketplace-helm-snapshots-local, REPOSOLNS_DOCKER_RELEASE_REPONAME=ret-marketplace-docker-prod-local, REPOSOLNS_SBT_REPO=https://sbt.ci.artifacts.walmart.com/artifactory/ret-marketplace-sbt, REPOSOLNS_DOCKER_SERVER=docker.ci.artifacts.walmart.com, REPOSOLNS_GENERIC_SNAPSHOT_REPO=https://generic.ci.artifacts.walmart.com/artifactory/ret-marketplace-generic-snapshots-local, REPOSOLNS_NPM_RELEASE_REPO=https://npm.ci.artifacts.walmart.com/artifactory/api/npm/ret-marketplace-npm-prod-local, REPOSOLNS_GENERIC_REPO=https://generic.ci.artifacts.walmart.com/artifactory/ret-marketplace-generic, REPOSOLNS_SBT_RELEASE_REPO=https://sbt.ci.artifacts.walmart.com/artifactory/ret-marketplace-sbt-prod-local, REPOSOLNS_DOCKER_SNAPSHOT_REPONAME=ret-marketplace-docker-snapshots-local, REPOSOLNS_SCALA_REPO=https://sbt.ci.artifacts.walmart.com/artifactory/ret-marketplace-sbt, REPOSOLNS_PYPI_RELEASE_REPO=https://pypi.ci.artifacts.walmart.com/artifactory/api/pypi/ret-marketplace-pypi-prod-local, REPOSOLNS_PYPI_URL=https://pypi.ci.artifacts.walmart.com/artifactory/api/pypi, REPOSOLNS_MVN_SNAPSHOT_REPO=https://mvn.ci.artifacts.walmart.com/artifactory/ret-marketplace-mvn-snapshots-local, REPOSOLNS_MVN_RELEASE=https://mvn.ci.artifacts.walmart.com/artifactory/ret-marketplace-mvn, REPOSOLNS_MVN_SNAPSHOT=https://mvn.ci.artifacts.walmart.com/artifactory/ret-marketplace-mvn-snapshots-local, REPOSOLNS_HELM_RELEASE_REPO=https://helm.ci.artifacts.walmart.com/artifactory/ret-marketplace-helm-prod-local, REPOSOLNS_VIRTUAL_DEFAULT_DEPLOYMENT=-prod-local, REPOSOLNS_GENERIC_RELEASE_REPO=https://generic.ci.artifacts.walmart.com/artifactory/ret-marketplace-generic-prod-local, REPOSOLNS_NPM_REPO=https://npm.ci.artifacts.walmart.com/artifactory/api/npm/ret-marketplace-npm, REPOSOLNS_MVN_REPO=https://mvn.ci.artifacts.walmart.com/artifactory/ret-marketplace-mvn, REPOSOLNS_NPM_BASEURL=https://npm.ci.artifacts.walmart.com/artifactory/api/npm, REPOSOLNS_DOCKER_REPONAME=ret-marketplace-docker, REPOSOLNS_PYPI_BASEURL=https://pypi.ci.artifacts.walmart.com/artifactory/api/pypi, REPOSOLNS_PYPI_SNAPSHOT_REPO=https://pypi.ci.artifacts.walmart.com/artifactory/api/pypi/ret-marketplace-pypi-snapshots-local},techs=[com.walmartlabs.<redacted>.engine.scopes.TypedSecrets$DockerScope@62351a8a[credname=ci_write,email=<null>,server=docker.ci.artifacts.walmart.com], com.walmartlabs.<redacted>.engine.scopes.TypedSecrets$DockerScope@710a2d26[credname=ci_write,email=<null>,server=docker.ci.artifacts.prod.walmart.com], com.walmartlabs.<redacted>.engine.scopes.TypedSecrets$MavenScope@16d7b291[credname=ci_write,id=af-snapshot], com.walmartlabs.<redacted>.engine.scopes.TypedSecrets$MavenScope@19143830[credname=ci_write,id=af-release]]]",
    "npm_config_cafile": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/provenance-0.44.0/var/work/proxy-cacerts.pem",
    "npm_node_execpath": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction/tools/nix_64/nodejs-22.1.0/bin/node",
    "npm_config_https_proxy": "http://10.167.213.150:43754",
    "WS_ROOT": "/mnt/<redacted>/workspace/Feature-MultiBranch-PWT/AGAction",
    "REPOSOLNS_GENERIC_RELEASE_REPO": "https://generic.ci.artifacts.walmart.com/artifactory/ret-marketplace-generic-prod-local",
    "REPOSOLNS_URL": "https://ci.artifacts.walmart.com/artifactory",
    "npm_package_engines_node": "*",
    "POSTINSTALL_BG": "1"
  }
}

Figure 12: Decoded content of the environment.js file.

truffleSecrets.json

This file contains all of the data collected by TruffleHog, including credentials and secrets for various platforms. Like the other JSON files, this file is also double base64-encoded.

Mitigation Recommendations

As highlighted in the previous Shai-Hulud blog, it is always difficult to detect and respond to supply chain compromises. It is not always clear where these packages are used and what other libraries use them. We recommend taking the following actions:

Review the list of compromised packages below and audit your development environment for them
Rotate all GitHub, npm, cloud, and CI/CD secrets
Check GitHub for repositories that have been made public
Check GitHub for repositories that have the description Sha1-Hulud: The Second Coming
Audit GitHub for any unauthorized workflows
Deploy phishing-resistant MFA solutions for CI/CD pipelines and developers
Monitor any newly published npm packages within the organization
Disable post-install scripts

Compromise Packages

This list of packages below is accurate as of 15:00 EST on November 24, 2025. As this is an evolving situation, this list may not be complete and is expected to change over time.

Package Name	Version
02-echo	0.0.7
@accordproject/concerto-analysis	3.24.1
@accordproject/concerto-linter	3.24.1
@accordproject/concerto-linter-default-ruleset	3.24.1
@accordproject/concerto-metamodel	3.12.5
@accordproject/concerto-types	3.24.1
@accordproject/markdown-it-cicero	0.16.26
@accordproject/template-engine	2.7.2
@actbase/css-to-react-native-transform	1.0.3
@actbase/native	0.1.32
@actbase/node-server	1.1.19
@actbase/react-absolute	0.8.3
@actbase/react-daum-postcode	1.0.5
@actbase/react-kakaosdk	0.9.27
@actbase/react-native-actionsheet	1.0.3
@actbase/react-native-devtools	0.1.3
@actbase/react-native-fast-image	8.5.13
@actbase/react-native-kakao-channel	1.0.2
@actbase/react-native-kakao-navi	2.0.4
@actbase/react-native-less-transformer	1.0.6
@actbase/react-native-naver-login	1.0.1
@actbase/react-native-simple-video	1.0.13
@actbase/react-native-tiktok	1.1.3
@afetcan/api	0.0.13
@afetcan/storage	0.0.27
@alexadark/amadeus-api	1.0.4
@alexadark/gatsby-theme-events	1.0.1
@alexadark/gatsby-theme-wordpress-blog	2.0.1
@alexadark/reusable-functions	1.5.1
@alexcolls/nuxt-socket.io	0.0.7, 0.0.8
@alexcolls/nuxt-ux	0.6.2, 0.6.1
@antstackio/eslint-config-antstack	0.0.3
@antstackio/express-graphql-proxy	0.2.8
@antstackio/graphql-body-parser	0.1.1
@antstackio/json-to-graphql	1.0.3
@antstackio/shelbysam	1.1.7
@aryanhussain/my-angular-lib	0.0.23
@asyncapi/dotnet-rabbitmq-template	1.0.1,1.0.2
@asyncapi/edavisualiser	1.2.2,1.2.1
@asyncapi/go-watermill-template	0.2.76, 0.2.77
@asyncapi/java-template	0.3.6, 0.3.5
@asyncapi/keeper	0.0.2, 0.0.3
@asyncapi/php-template	0.1.1, 0.1.2
@asyncapi/python-paho-template	0.2.14, 0.2.15
@asyncapi/server-api	0.16.24, 0.16.25
@asyncapi/studio	1.0.3, 1.0.2
@asyncapi/web-component	2.6.6, 2.6.7
@bdkinc/knex-ibmi	0.5.7
@browserbasehq/bb9	1.2.21
@browserbasehq/director-ai	1.0.3
@browserbasehq/mcp	2.1.1
@browserbasehq/mcp-server-browserbase	2.4.2
@browserbasehq/sdk-functions	0.0.4
@browserbasehq/stagehand	3.0.4
@browserbasehq/stagehand-docs	1.0.1
@caretive/caret-cli	0.0.2
@chtijs/eslint-config	1.0.1
@clausehq/flows-step-httprequest	0.1.14
@clausehq/flows-step-jsontoxml	0.1.14
@clausehq/flows-step-mqtt	0.1.14
@clausehq/flows-step-sendgridemail	0.1.14
@clausehq/flows-step-taskscreateurl	0.1.14
@cllbk/ghl	1.3.1
@commute/bloom	1.0.3
@commute/market-data	1.0.2
@commute/market-data-chartjs	2.3.1
@dev-blinq/ai-qa-logic	1.0.19
@dev-blinq/cucumber-js	1.0.131
@dev-blinq/cucumber_client	1.0.738
@dev-blinq/ui-systems	1.0.93
@ensdomains/address-encoder	1.1.5
@ensdomains/blacklist	1.0.1
@ensdomains/buffer	0.1.2
@ensdomains/ccip-read-cf-worker	0.0.4
@ensdomains/ccip-read-dns-gateway	0.1.1
@ensdomains/ccip-read-router	0.0.7
@ensdomains/ccip-read-worker-viem	0.0.4
@ensdomains/content-hash	3.0.1
@ensdomains/curvearithmetics	1.0.1
@ensdomains/cypress-metamask	1.2.1
@ensdomains/dnsprovejs	0.5.3
@ensdomains/dnssec-oracle-anchors	0.0.2
@ensdomains/dnssecoraclejs	0.2.9
@ensdomains/durin	0.1.2
@ensdomains/durin-middleware	0.0.2
@ensdomains/ens-archived-contracts	0.0.3
@ensdomains/ens-avatar	1.0.4
@ensdomains/ens-contracts	1.6.1
@ensdomains/ens-test-env	1.0.2
@ensdomains/ens-validation	0.1.1
@ensdomains/ensjs	4.0.3
@ensdomains/ensjs-react	0.0.5
@ensdomains/eth-ens-namehash	2.0.16
@ensdomains/hackathon-registrar	1.0.5
@ensdomains/hardhat-chai-matchers-viem	0.1.15
@ensdomains/hardhat-toolbox-viem-extended	0.0.6
@ensdomains/mock	2.1.52
@ensdomains/name-wrapper	1.0.1
@ensdomains/offchain-resolver-contracts	0.2.2
@ensdomains/op-resolver-contracts	0.0.2
@ensdomains/react-ens-address	0.0.32
@ensdomains/renewal	0.0.13
@ensdomains/renewal-widget	0.1.10
@ensdomains/reverse-records	1.0.1
@ensdomains/server-analytics	0.0.2
@ensdomains/solsha1	0.0.4
@ensdomains/subdomain-registrar	0.2.4
@ensdomains/test-utils	1.3.1
@ensdomains/thorin	0.6.51
@ensdomains/ui	3.4.6
@ensdomains/unicode-confusables	0.1.1
@ensdomains/unruggable-gateways	0.0.3
@ensdomains/vite-plugin-i18next-loader	4.0.4
@ensdomains/web3modal	1.10.2
@everreal/react-charts	2.0.1, 2.0.2
@everreal/validate-esmoduleinterop-imports	1.4.4, 1.4.5
@everreal/web-analytics	0.0.1, 0.0.2
@faq-component/core	0.0.4
@faq-component/react	1.0.1
@fishingbooker/browser-sync-plugin	1.0.5
@fishingbooker/react-loader	1.0.7
@fishingbooker/react-pagination	2.0.6
@fishingbooker/react-raty	2.0.1
@fishingbooker/react-swiper	0.1.5
@hapheus/n8n-nodes-pgp	1.5.1
@hover-design/core	0.0.1
@hover-design/react	0.2.1
@huntersofbook/auth-vue	0.4.2
@huntersofbook/core	0.5.1
@huntersofbook/core-nuxt	0.4.2
@huntersofbook/form-naiveui	0.5.1
@huntersofbook/i18n	0.8.2
@huntersofbook/ui	0.5.1
@hyperlook/telemetry-sdk	1.0.19
@ifelsedeveloper/protocol-contracts-svm-idl	0.1.2, 0.1.3
@ifings/design-system	4.9.2
@ifings/metatron3	0.1.5
@jayeshsadhwani/telemetry-sdk	1.0.14
@kvytech/cli	0.0.7
@kvytech/components	0.0.2
@kvytech/habbit-e2e-test	0.0.2
@kvytech/medusa-plugin-announcement	0.0.8
@kvytech/medusa-plugin-management	0.0.5
@kvytech/medusa-plugin-newsletter	0.0.5
@kvytech/medusa-plugin-product-reviews	0.0.9
@kvytech/medusa-plugin-promotion	0.0.2
@kvytech/web	0.0.2
@lessondesk/api-client	9.12.2, 9.12.3
@lessondesk/babel-preset	1.0.1
@lessondesk/electron-group-api-client	1.0.3
@lessondesk/eslint-config	1.4.2
@lessondesk/material-icons	1.0.3
@lessondesk/react-table-context	2.0.4
@lessondesk/schoolbus	5.2.2, 5.2.3
@livecms/live-edit	0.0.32
@livecms/nuxt-live-edit	1.9.2
@lokeswari-satyanarayanan/rn-zustand-expo-template	1.0.9
@louisle2/core	1.0.1
@louisle2/cortex-js	0.1.6
@lpdjs/firestore-repo-service	1.0.1
@lui-ui/lui-nuxt	0.1.1
@lui-ui/lui-tailwindcss	0.1.2
@lui-ui/lui-vue	1.0.13
@markvivanco/app-version-checker	1.0.1, 1.0.2
@micado-digital/stadtmarketing-kufstein-external	1.9.1
@mizzle-dev/orm	0.0.2
@ntnx/passport-wso2	0.0.3
@ntnx/t	0.0.101
@oku-ui/accordion	0.6.2
@oku-ui/alert-dialog	0.6.2
@oku-ui/arrow	0.6.2
@oku-ui/aspect-ratio	0.6.2
@oku-ui/avatar	0.6.2
@oku-ui/checkbox	0.6.3
@oku-ui/collapsible	0.6.2
@oku-ui/collection	0.6.2
@oku-ui/dialog	0.6.2
@oku-ui/direction	0.6.2
@oku-ui/dismissable-layer	0.6.2
@oku-ui/focus-guards	0.6.2
@oku-ui/focus-scope	0.6.2
@oku-ui/hover-card	0.6.2
@oku-ui/label	0.6.2
@oku-ui/menu	0.6.2
@oku-ui/motion	0.4.4
@oku-ui/motion-nuxt	0.2.2
@oku-ui/popover	0.6.2
@oku-ui/popper	0.6.2
@oku-ui/portal	0.6.2
@oku-ui/presence	0.6.2
@oku-ui/primitive	0.6.2
@oku-ui/primitives	0.7.9
@oku-ui/primitives-nuxt	0.3.1
@oku-ui/progress	0.6.2
@oku-ui/provide	0.6.2
@oku-ui/radio-group	0.6.2
@oku-ui/roving-focus	0.6.2
@oku-ui/scroll-area	0.6.2
@oku-ui/separator	0.6.2
@oku-ui/slider	0.6.2
@oku-ui/slot	0.6.2
@oku-ui/switch	0.6.2
@oku-ui/tabs	0.6.2
@oku-ui/toast	0.6.2
@oku-ui/toggle	0.6.2
@oku-ui/toggle-group	0.6.2
@oku-ui/toolbar	0.6.2
@oku-ui/tooltip	0.6.2
@oku-ui/use-composable	0.6.2
@oku-ui/utils	0.6.2
@oku-ui/visually-hidden	0.6.2
@orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode	2.0.5
@orbitgtbelgium/mapbox-gl-draw-scale-rotate-mode	1.1.1
@orbitgtbelgium/orbit-components	1.2.9
@orbitgtbelgium/time-slider	1.0.187
@osmanekrem/bmad	1.0.6
@osmanekrem/error-handler	1.2.2
@pergel/cli	0.11.1
@pergel/module-box	0.6.1
@pergel/module-graphql	0.6.1
@pergel/module-ui	0.0.9
@pergel/nuxt	0.25.5
@posthog/agent	1.24.1
@posthog/ai	7.1.2
@posthog/cli	0.5.15
@posthog/clickhouse	1.7.1
@posthog/core	1.5.6
@posthog/hedgehog-mode	0.0.42
@posthog/icons	0.36.1
@posthog/lemon-ui	0.0.1
@posthog/nextjs-config	1.5.1
@posthog/nuxt	1.2.9
@posthog/piscina	3.2.1
@posthog/plugin-contrib	0.0.6
@posthog/react-rrweb-player	1.1.4
@posthog/rrdom	0.0.31
@posthog/rrweb	0.0.31
@posthog/rrweb-player	0.0.31
@posthog/rrweb-record	0.0.31
@posthog/rrweb-replay	0.0.19
@posthog/rrweb-snapshot	0.0.31
@posthog/rrweb-utils	0.0.31
@posthog/siphash	1.1.2
@posthog/wizard	1.18.1
@postman/aether-icons	2.23.4, 2.23.3, 2.23.2
@postman/csv-parse	4.0.3, 4.0.5, 4.0.4
@postman/node-keytar	7.9.5, 7.9.4, 7.9.6
@postman/tunnel-agent	0.6.6, 0.6.5, 0.6.7
@pradhumngautam/common-app	1.0.2
@productdevbook/animejs-vue	0.2.1
@productdevbook/auth	0.2.2
@productdevbook/chatwoot	2.0.1
@productdevbook/motion	1.0.4
@productdevbook/ts-i18n	1.4.2
@pruthvi21/use-debounce	1.0.3
@quick-start-soft/quick-document-translator	1.4.2511142126
@quick-start-soft/quick-git-clean-markdown	1.4.2511142126
@quick-start-soft/quick-markdown	1.4.2511142126
@quick-start-soft/quick-markdown-compose	1.4.2506300029
@quick-start-soft/quick-markdown-image	1.4.2511142126
@quick-start-soft/quick-markdown-print	1.4.2511142126
@quick-start-soft/quick-markdown-translator	1.4.2509202331
@quick-start-soft/quick-remove-image-background	1.4.2511142126
@quick-start-soft/quick-task-refine	1.4.2511142126
@relyt/claude-context-core	0.1.1
@sameepsi/sor	1.0.3
@sameepsi/sor2	2.0.2
@seezo/sdr-mcp-server	0.0.5
@seung-ju/next	0.0.2
@seung-ju/openapi-generator	0.0.4
@seung-ju/react-hooks	0.0.2
@seung-ju/react-native-action-sheet	0.2.1
@silgi/better-auth	0.8.1
@silgi/drizzle	0.8.4
@silgi/ecosystem	0.7.6
@silgi/module-builder	0.8.8
@silgi/openapi	0.7.4
@silgi/permission	0.6.8
@silgi/ratelimit	0.2.1
@silgi/scalar	0.6.2
@silgi/yoga	0.7.1
@sme-ui/aoma-vevasound-metadata-lib	0.1.3
@strapbuild/react-native-date-time-picker	2.0.4
@strapbuild/react-native-perspective-image-cropper	0.4.15
@strapbuild/react-native-perspective-image-cropper-2	0.4.7
@strapbuild/react-native-perspective-image-cropper-poojan31	0.4.6
@suraj_h/medium-common	1.0.5
@thedelta/eslint-config	1.0.2
@tiaanduplessis/json	2.0.3, 2.0.2
@tiaanduplessis/react-progressbar	1.0.1, 1.0.2
@trackstar/angular-trackstar-link	1.0.2
@trackstar/react-trackstar-link	2.0.21
@trackstar/react-trackstar-link-upgrade	1.1.10
@trackstar/test-angular-package	0.0.9
@trackstar/test-package	1.1.5
@trefox/sleekshop-js	0.1.6
@trigo/atrix	7.0.1
@trigo/atrix-elasticsearch	2.0.1
@trigo/atrix-postgres	1.0.3
@trigo/atrix-pubsub	4.0.3
@trigo/atrix-soap	1.0.2
@trigo/atrix-swagger	3.0.1
@trigo/bool-expressions	4.1.3
@trigo/eslint-config-trigo	3.3.1
@trigo/fsm	3.4.2
@trigo/hapi-auth-signedlink	1.3.1
@trigo/pathfinder-ui-css	0.1.1
@trigo/trigo-hapijs	5.0.1
@trpc-rate-limiter/cloudflare	0.1.4
@trpc-rate-limiter/hono	0.1.4
@varsityvibe/api-client	1.3.37, 1.3.36
@varsityvibe/utils	5.0.6
@varsityvibe/validation-schemas	0.6.8, 0.6.7
@viapip/eslint-config	0.2.4
@vishadtyagi/full-year-calendar	0.1.11
@voiceflow/alexa-types	2.15.61, 2.15.60
@voiceflow/anthropic	0.4.5, 0.4.4
@voiceflow/api-sdk	3.28.58, 3.28.59
@voiceflow/backend-utils	5.0.1, 5.0.2
@voiceflow/base-types	2.136.3, 2.136.2
@voiceflow/body-parser	1.21.2, 1.21.3
@voiceflow/chat-types	2.14.59, 2.14.58
@voiceflow/circleci-config-sdk-orb-import	0.2.2, 0.2.1
@voiceflow/commitlint-config	2.6.1, 2.6.2
@voiceflow/common	8.9.2, 8.9.1
@voiceflow/default-prompt-wrappers	1.7.3, 1.7.4
@voiceflow/dependency-cruiser-config	1.8.11, 1.8.12
@voiceflow/dtos-interact	1.40.2, 1.40.1
@voiceflow/encryption	0.3.3, 0.3.2
@voiceflow/eslint-config	7.16.5, 7.16.4
@voiceflow/eslint-plugin	1.6.2, 1.6.1
@voiceflow/exception	1.10.2, 1.10.1
@voiceflow/fetch	1.11.1, 1.11.2
@voiceflow/general-types	3.2.23, 3.2.22
@voiceflow/git-branch-check	1.4.3, 1.4.4
@voiceflow/google-dfes-types	2.17.13, 2.17.12
@voiceflow/google-types	2.21.13, 2.21.12
@voiceflow/husky-config	1.3.2, 1.3.1
@voiceflow/logger	2.4.3, 2.4.2
@voiceflow/metrics	1.5.2, 1.5.1
@voiceflow/natural-language-commander	0.5.3, 0.5.2
@voiceflow/nestjs-common	2.75.2, 2.75.3
@voiceflow/nestjs-mongodb	1.3.2, 1.3.1
@voiceflow/nestjs-rate-limit	1.3.2, 1.3.3
@voiceflow/nestjs-redis	1.3.2, 1.3.1
@voiceflow/nestjs-timeout	1.3.2, 1.3.1
@voiceflow/npm-package-json-lint-config	1.1.1, 1.1.2
@voiceflow/openai	3.2.2, 3.2.3
@voiceflow/pino	6.11.4, 6.11.3
@voiceflow/pino-pretty	4.4.2, 4.4.1
@voiceflow/prettier-config	1.10.2, 1.10.1
@voiceflow/react-chat	1.65.3, 1.65.4
@voiceflow/runtime	1.29.2, 1.29.1
@voiceflow/runtime-client-js	1.17.3, 1.17.2
@voiceflow/sdk-runtime	1.43.2, 1.43.1
@voiceflow/secrets-provider	1.9.3, 1.9.2
@voiceflow/semantic-release-config	1.4.2, 1.4.1
@voiceflow/serverless-plugin-typescript	2.1.7, 2.1.8
@voiceflow/slate-serializer	1.7.3, 1.7.4
@voiceflow/stitches-react	2.3.3, 2.3.2
@voiceflow/storybook-config	1.2.2, 1.2.3
@voiceflow/stylelint-config	1.1.1, 1.1.2
@voiceflow/test-common	2.1.2, 2.1.1
@voiceflow/tsconfig	1.12.2, 1.12.1
@voiceflow/tsconfig-paths	1.1.4, 1.1.5
@voiceflow/utils-designer	1.74.20, 1.74.19
@voiceflow/verror	1.1.4, 1.1.5
@voiceflow/vite-config	2.6.2, 2.6.3
@voiceflow/vitest-config	1.10.2, 1.10.3
@voiceflow/voice-types	2.10.59, 2.10.58
@voiceflow/voiceflow-types	3.32.45, 3.32.46
@voiceflow/widget	1.7.19, 1.7.18
@vucod/email	0.0.3
@zapier/ai-actions	0.1.20, 0.1.19, 0.1.18
@zapier/babel-preset-zapier	6.4.1, 6.4.3, 6.4.2
@zapier/browserslist-config-zapier	1.0.5, 1.0.3, 1.0.4
@zapier/secret-scrubber	1.1.4, 1.1.5, 1.1.3
ai-crowl-shield	1.0.7
arc-cli-fc	1.0.1
asciitranslator	1.0.3
asyncapi-preview	1.0.1, 1.0.2
atrix	1.0.1
automation_model	1.0.491
avvvatars-vue	1.1.2
axios-builder	1.2.1
axios-cancelable	1.0.1, 1.0.2
axios-timed	1.0.1, 1.0.2
babel-preset-kinvey-flex-service	0.1.1
barebones-css	1.1.4, 1.1.3
benmostyn-frame-print	1.0.1
best_gpio_controller	1.0.10
better-auth-nuxt	0.0.10
better-queue-nedb	0.1.5
bidirectional-adapter	1.2.2, 1.2.5, 1.2.4, 1.2.3
blinqio-executions-cli	1.0.41
blob-to-base64	1.0.3
buffered-interpolation-babylon6	0.2.8
bun-plugin-httpfile	0.1.1
bytecode-checker-cli	1.0.11, 1.0.9, 1.0.8, 1.0.10
bytes-to-x	1.0.1
calc-loan-interest	1.0.4
capacitor-plugin-apptrackingios	0.0.21
capacitor-plugin-purchase	0.1.1
capacitor-plugin-scgssigninwithgoogle	0.0.5
capacitor-purchase-history	0.0.10
capacitor-voice-recorder-wav	6.0.3
ceviz	0.0.5
chrome-extension-downloads	0.0.4, 0.0.3
claude-token-updater	1.0.3
coinmarketcap-api	3.1.2, 3.1.3
colors-regex	2.0.1
command-irail	0.5.4
compare-obj	1.1.1, 1.1.2
composite-reducer	1.0.5, 1.0.3, 1.0.2, 1.0.4
count-it-down	1.0.1, 1.0.2
cpu-instructions	0.0.14
create-director-app	0.1.1
create-glee-app	0.2.2, 0.2.3
create-hardhat3-app	1.1.1, 1.1.4, 1.1.2, 1.1.3
create-kinvey-flex-service	0.2.1
create-silgi	0.3.1
crypto-addr-codec	0.1.9
css-dedoupe	0.1.2
csv-tool-cli	1.2.1
dashboard-empty-state	1.0.3
designstudiouiux	1.0.1
devstart-cli	1.0.6
dialogflow-es	1.1.1, 1.1.4, 1.1.2, 1.1.3
discord-bot-server	0.1.2
docusaurus-plugin-vanilla-extract	1.0.3
dont-go	1.1.2
dotnet-template	0.0.4, 0.0.3
drop-events-on-property-plugin	0.0.2
easypanel-sdk	0.3.2
electron-volt	0.0.2
email-deliverability-tester	1.1.1
enforce-branch-name	1.1.3
esbuild-plugin-brotli	0.2.1
esbuild-plugin-eta	0.1.1
esbuild-plugin-httpfile	0.4.1
eslint-config-kinvey-flex-service	0.1.1
eslint-config-nitpicky	4.0.1
eslint-config-trigo	22.0.2
eslint-config-zeallat-base	1.0.4
ethereum-ens	0.8.1
evm-checkcode-cli	1.0.14, 1.0.12, 1.0.15, 1.0.13
exact-ticker	0.3.5
expo-audio-session	0.2.1
expo-router-on-rails	0.0.4
express-starter-template	1.0.10
expressos	1.1.3
fat-fingered	1.0.1, 1.0.2
feature-flip	1.0.1, 1.0.2
firestore-search-engine	1.2.3
fittxt	1.0.3, 1.0.2
flapstacks	1.0.1, 1.0.2
flatten-unflatten	1.0.1, 1.0.2
formik-error-focus	2.0.1
formik-store	1.0.1
frontity-starter-theme	1.0.1
fuzzy-finder	1.0.5, 1.0.6
gate-evm-check-code2	2.0.3, 2.0.5, 2.0.6, 2.0.4
gate-evm-tools-test	1.0.5, 1.0.6, 1.0.8, 1.0.7
gatsby-plugin-antd	2.2.1
gatsby-plugin-cname	1.0.1, 1.0.2
generator-meteor-stock	0.1.6
generator-ng-itobuz	0.0.15
get-them-args	1.3.3
github-action-for-generator	2.1.27, 2.1.28
gitsafe	1.0.5
go-template	0.1.9, 0.1.8
gulp-inject-envs	1.2.2, 1.2.1
haufe-axera-api-client	0.0.1, 0.0.2
hope-mapboxdraw	0.1.1
hopedraw	1.0.3
hover-design-prototype	0.0.5
httpness	1.0.3, 1.0.2
hyper-fullfacing	1.0.3
hyperterm-hipster	1.0.7
ids-css	1.5.1
ids-enterprise-mcp-server	0.0.2
ids-enterprise-ng	20.1.6
ids-enterprise-typings	20.1.6
image-to-uri	1.0.1, 1.0.2
insomnia-plugin-random-pick	1.0.4
invo	0.2.2
iron-shield-miniapp	0.0.2
ito-button	8.0.3
itobuz-angular	0.0.1
itobuz-angular-auth	8.0.11
itobuz-angular-button	8.0.11
jacob-zuma	1.0.1, 1.0.2
jaetut-varit-test	1.0.2
jan-browser	0.13.1
jquery-bindings	1.1.2, 1.1.3
jsonsurge	1.0.7
just-toasty	1.7.1
kill-port	2.0.3, 2.0.2
kinetix-default-token-list	1.0.5
kinvey-cli-wrapper	0.3.1
kinvey-flex-scripts	0.5.1
kns-error-code	1.0.8
korea-administrative-area-geo-json-util	1.0.7
kwami	1.5.9, 1.5.10
lang-codes	1.0.1, 1.0.2
license-o-matic	1.2.2, 1.2.1
lint-staged-imagemin	1.3.2, 1.3.1
lite-serper-mcp-server	0.2.2
lui-vue-test	0.70.9
luno-api	1.2.3
m25-transaction-utils	1.1.16
manual-billing-system-miniapp-api	1.3.1
medusa-plugin-announcement	0.0.3
medusa-plugin-logs	0.0.17
medusa-plugin-momo	0.0.68
medusa-plugin-product-reviews-kvy	0.0.4
medusa-plugin-zalopay	0.0.40
mod10-check-digit	1.0.1
mon-package-react-typescript	1.0.1
my-saeed-lib	0.1.1
n8n-nodes-tmdb	0.5.1
n8n-nodes-vercel-ai-sdk	0.1.7
n8n-nodes-viral-app	0.2.5
nanoreset	7.0.1, 7.0.2
next-circular-dependency	1.0.3, 1.0.2
next-simple-google-analytics	1.1.1, 1.1.2
next-styled-nprogress	1.0.5, 1.0.4
ngx-useful-swiper-prosenjit	9.0.2
ngx-wooapi	12.0.1
nitro-graphql	1.5.12
nitro-kutu	0.1.1
nitrodeploy	1.0.8
nitroping	0.1.1
normal-store	1.3.2, 1.3.1, 1.3.4, 1.3.3
nuxt-keycloak	0.2.2
obj-to-css	1.0.3, 1.0.2
okta-react-router-6	5.0.1
open2internet	0.1.1
orbit-boxicons	2.1.3
orbit-nebula-draw-tools	1.0.10
orbit-nebula-editor	1.0.2
orbit-soap	0.43.13
orchestrix	12.1.2
package-tester	1.0.1
parcel-plugin-asset-copier	1.1.2, 1.1.3
pdf-annotation	0.0.2
pergel	0.13.2
pergeltest	0.0.25
piclite	1.0.1
pico-uid	1.0.3, 1.0.4
pkg-readme	1.1.1
poper-react-sdk	0.1.2
posthog-docusaurus	2.0.6
posthog-js	1.297.3
posthog-node	5.11.3, 4.18.1, 5.13.3
posthog-plugin-hello-world	1.0.1
posthog-react-native	4.11.1, 4.12.5
posthog-react-native-session-replay	1.2.2
prime-one-table	0.0.19
prompt-eng	1.0.50
puny-req	1.0.3
quickswap-ads-list	1.0.33
quickswap-default-staking-list	1.0.11
quickswap-default-staking-list-address	1.0.55
quickswap-default-token-list	1.5.16
quickswap-router-sdk	1.0.1
quickswap-sdk	3.0.44
quickswap-smart-order-router	1.0.1
quickswap-token-lists	1.0.3
quickswap-v2-sdk	2.0.1
ra-auth-firebase	1.0.3
ra-data-firebase	1.0.8, 1.0.7
react-component-taggers	0.1.9
react-data-to-export	1.0.1
react-element-prompt-inspector	0.1.18
react-favic	1.0.2
react-hook-form-persist	3.0.1, 3.0.2
react-jam-icons	1.0.1, 1.0.2
react-keycloak-context	1.0.9, 1.0.8
react-library-setup	0.0.6
react-linear-loader	1.0.2
react-micromodal.js	1.0.1, 1.0.2
react-native-datepicker-modal	1.3.2, 1.3.1
react-native-email	2.1.2, 2.1.1
react-native-fetch	2.0.1, 2.0.2
react-native-get-pixel-dimensions	1.0.1, 1.0.2
react-native-google-maps-directions	2.1.2
react-native-jam-icons	1.0.1, 1.0.2
react-native-log-level	1.2.2, 1.2.1
react-native-modest-checkbox	3.3.1
react-native-modest-storage	2.1.1
react-native-phone-call	1.2.2, 1.2.1
react-native-retriable-fetch	2.0.1, 2.0.2
react-native-use-modal	1.0.3
react-native-view-finder	1.2.2, 1.2.1
react-native-websocket	1.0.3, 1.0.4
react-native-worklet-functions	3.3.3
react-packery-component	1.0.3
react-qr-image	1.1.1
react-scrambled-text	1.0.4
rediff	1.0.5
rediff-viewer	0.0.7
redux-router-kit	1.2.2, 1.2.4, 1.2.3
revenuecat	1.0.1
rollup-plugin-httpfile	0.2.1
sa-company-registration-number-regex	1.0.1, 1.0.2
sa-id-gen	1.0.5, 1.0.4
samesame	1.0.3
scgs-capacitor-subscribe	1.0.11
scgsffcreator	1.0.5
schob	1.0.3
set-nested-prop	2.0.1, 2.0.2
shelf-jwt-sessions	0.1.2
shell-exec	1.1.4, 1.1.3
shinhan-limit-scrap	1.0.3
silgi	0.43.30
simplejsonform	1.0.1
skills-use	0.1.1, 0.1.2
solomon-api-stories	1.0.2
solomon-v3-stories	1.15.6
solomon-v3-ui-wrapper	1.6.1
soneium-acs	1.0.1
sort-by-distance	2.0.1
south-african-id-info	1.0.2
stat-fns	1.0.1
stoor	2.3.2
sufetch	0.4.1
super-commit	1.0.1
svelte-autocomplete-select	1.1.1
svelte-toasty	1.1.2, 1.1.3
tanstack-shadcn-table	1.1.5
tavily-module	1.0.1
tcsp	2.0.2
tcsp-draw-test	1.0.5
tcsp-test-vd	2.4.4
template-lib	1.1.4, 1.1.3
template-micro-service	1.0.3, 1.0.2
tenacious-fetch	2.3.3, 2.3.2
test-foundry-app	1.0.3, 1.0.1, 1.0.2, 1.0.4
test-hardhat-app	1.0.3, 1.0.1, 1.0.2, 1.0.4
test23112222-api	1.0.1
tiaan	1.0.2
tiptap-shadcn-vue	0.2.1
token.js-fork	0.7.32
toonfetch	0.3.2
trigo-react-app	4.1.2
ts-relay-cursor-paging	2.1.1
typeface-antonio-complete	1.0.5
typefence	1.2.2, 1.2.3
typeorm-orbit	0.2.27
unadapter	0.1.3
undefsafe-typed	1.0.3, 1.0.4
unemail	0.3.1
uniswap-router-sdk	1.6.2
uniswap-smart-order-router	3.16.26
uniswap-test-sdk-core	4.0.8
unsearch	0.0.3
uplandui	0.5.4
upload-to-play-store	1.0.1, 1.0.2
url-encode-decode	1.0.1, 1.0.2
use-unsaved-changes	1.0.9
v-plausible	1.2.1
valid-south-african-id	1.0.3
valuedex-sdk	3.0.5
vf-oss-template	1.0.3, 1.0.1, 1.0.2, 1.0.4
victoria-wallet-constants	0.1.1, 0.1.2
victoria-wallet-core	0.1.1
victoria-wallet-type	0.1.1, 0.1.2
victoria-wallet-utils	0.1.1
victoria-wallet-validator	0.1.1
victoriaxoaquyet-wallet-core	0.2.2, 0.2.1
vite-plugin-httpfile	0.2.1
vue-browserupdate-nuxt	1.0.5
wallet-evm	0.3.1
wallet-type	0.1.1, 0.1.2
web-scraper-mcp	1.1.4
web-types-htmx	0.1.1
web-types-lit	0.1.1
webpack-loader-httpfile	0.2.1
wellness-expert-ng-gallery	5.1.1
wenk	1.0.9, 1.0.10
zapier-async-storage	1.0.3, 1.0.1, 1.0.2
zapier-platform-cli	18.0.3, 18.0.2, 18.0.4
zapier-platform-core	18.0.3, 18.0.2, 18.0.4
zapier-platform-schema	18.0.3, 18.0.2, 18.0.4
zapier-scripts	7.8.4, 7.8.3
zuper-cli	1.0.1
zuper-sdk	1.0.57
zuper-stream	2.0.9