node-v0.2.2 — hunt-shai-hulud

@davidalmeidac davidalmeidac released this 23 May 06:53
· 6 commits to main since this release

sealed-env (Node) 0.2.2

IOC-hunter release. No spec changes, no wire format changes.

Added

  • sealed-env hunt-shai-hulud [path] [--json] — focused IOC scanner for the open-sourced TeamPCP Shai-Hulud framework and its known variants (TanStack, AntV, Mistral AI campaigns of May 2026).
    • Checks package-lock.json against known-malicious package versions
    • Scans node_modules/*/ for loader files at package root
    • Detects suspicious pre/postinstall scripts and optionalDependencies pinned to GitHub commit SHAs
    • Detects OS-level persistence markers (systemd user units, LaunchAgents)
    • Exit code 0 clean / 1 suspect / 2 compromised
    • JSON schema sealed-env-hunt-shai-hulud/v1 for CI integration
    • Read-only — does not execute anything found

Not a replacement for Snyk / Socket / Phylum. Narrow-scope first-line defense tied to threat-research/analysis/ioc-table.md.
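The two manifest-level checks in the list above (install hooks, and optionalDependencies pinned to GitHub commit SHAs) can be illustrated as follows. This is an added example, not sealed-env's own code: the function name, the regex, the choice to report every pre/postinstall hook as a finding, and the sample manifest are all assumptions.

```javascript
// Added example, not sealed-env's implementation. Read-only: inspects a parsed
// package.json object and never executes anything it finds.
const LIFECYCLE_HOOKS = ['preinstall', 'postinstall'];

// Assumed pattern: a GitHub dependency spec ending in a full 40-hex commit SHA,
// e.g. "github:owner/repo#<sha>", "owner/repo#<sha>" or
// "git+https://github.com/owner/repo.git#<sha>". Tags and branches do not match.
const GITHUB_SHA_PIN =
  /^(?:github:|(?:git\+)?(?:https|ssh):\/\/(?:git@)?github\.com\/)?[\w.-]+\/[\w.-]+#[0-9a-f]{40}$/i;

function auditManifest(manifest) {
  const findings = [];

  // Install-time hooks run automatically on `npm install`, so surface them for review.
  const scripts = manifest.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] === 'string') {
      findings.push({ kind: 'lifecycle-script', name: hook, value: scripts[hook] });
    }
  }

  // optionalDependencies resolved straight from a GitHub commit bypass the registry.
  const optional = manifest.optionalDependencies || {};
  for (const [name, spec] of Object.entries(optional)) {
    if (typeof spec === 'string' && GITHUB_SHA_PIN.test(spec.trim())) {
      findings.push({ kind: 'optional-dep-github-sha', name, value: spec });
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from any real package).
const SAMPLE_MANIFEST = {
  name: 'constructed-sample',
  scripts: { test: 'node test.js', postinstall: 'node setup.js' },
  dependencies: { 'left-pad': '^1.3.0' },
  optionalDependencies: {
    'example-helper': 'github:example-org/example-helper#' + 'a'.repeat(40),
    'tagged-helper': 'github:example-org/tagged-helper#v1.2.0',
  },
};

console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST), null, 2));
```

Findings from a check like this are leads for review, since legitimate packages also ship postinstall hooks.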

Full notes: CHANGELOG.md