The chalk/debug one https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		singulasar 6 months ago \| parent \| context \| favorite \| on: Shai-Hulud malware attack: Tinycolor and over 40 N... The chalk/debug one https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com... I believe socket also found it this way just a bit later. The dev later said that Charlie notifying him probably shaved off some very important time for the remediation. So in this case 2 different companies found it using automated tech before anyone else

CharlieEriksen 6 months ago | [–]

Hi, I'm Charlie from Aikido, as mentioned above. Yes, we detected it automatically, and I alerted Josh to the situation on BSky.

There's no reason why Microsoft/npm can't do what we're doing, or any of the other handful to dozen companies that do similar things to us, to protect the supply chain.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact