The Register ยท Jun 10, 2026 13:11 UTC

GitHub pulls pin on npm's auto-run scripts

Read full story on The Register
Share
GitHub pulls pin on npm's auto-run scripts

Summary

Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors

Original reporting

Open original source

Related coverage

Read full article on The Register

Get the AFBytes Brief

Major stories, AI-assisted analysis, and what to watch next. Free, monthly, unsubscribe anytime.