git404hub

what is core-shai-hulud-mitigation fr?

coreindustries/core-shai-hulud-mitigation — explained in plain English

Analysis updated 2026-05-18

0ShellAudience · ops devopsComplexity · 3/5Setup · easy

tl;dr

A shell script toolkit that scans for and helps remediate the Shai-Hulud npm supply chain worm across your projects.

vibe map

mindmap
  root((repo))
    What it does
      Scans for IOCs
      Applies mitigations
    Tech stack
      Shell scripts
      CI integration
    Use cases
      Incident response
      Preventive audit
    Audience
      Developers
      DevOps teams

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Scan a project or a whole directory of git repos for signs of Shai-Hulud infection.

VIBE 2

Run the scanner as a pre-install gate inside a CI pipeline.

VIBE 3

Follow the incident response steps to safely rotate credentials after a suspected breach.

VIBE 4

Check whether your dependencies include any of the known compromised package versions.

what's the stack?

ShellnpmGitHub CLI

how it stacks up fr

coreindustries/core-shai-hulud-mitigation123satyajeet123/bitnet-serveralexbloch-ia/legal-data
Stars000
LanguageShellShellShell
Setup difficultyeasyeasymoderate
Complexity3/52/52/5
Audienceops devopsdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min

Requires the GitHub CLI installed and authenticated for the repo-search and token-audit steps.

No license file is mentioned in the README, so terms of reuse are unclear.

in plain english

This repository is a security response toolkit for a software supply chain attack called Shai-Hulud. A supply chain attack is when malicious code is hidden inside software packages that developers install as dependencies, spreading through the normal act of adding libraries to a project. Shai-Hulud is documented across five waves targeting the npm package ecosystem used by JavaScript developers, and to a lesser extent PyPI used by Python developers, with the worm propagating by using stolen credentials to publish more infected packages. The repository provides two shell scripts. The first, scan.sh, scans a project directory for known indicators of compromise: specific filenames, suspicious install scripts, known malicious package versions, exfiltration domain names, and oversized bundle files. It can scan a single project or automatically discover every git repository inside a parent directory, and it exits with a machine readable status code so it can run as a gate inside a CI pipeline. The second script, mitigate.sh, applies remediations once an infection is confirmed, with a dry run mode to preview changes first. The README also works as an incident response guide, covering how to disable persistence hooks before rotating credentials so a dead man's switch is not triggered, how to find attacker created repositories holding exfiltrated secrets, how to revoke compromised access tokens through the GitHub web interface rather than the command line, and which specific package versions across each attack wave are known to be compromised and must not be used. You would use this if you suspect your development environment or CI pipeline may have been exposed to this attack, or want to run it as a preventive audit before problems appear. The toolkit itself is written in shell. The full README is longer than what was shown.

prompts (copy fr)

prompt 1
Explain what indicators of compromise scan.sh checks for and why each one matters.
prompt 2
Walk me through the correct order of incident response steps if scan.sh finds a match.
prompt 3
Help me integrate scan.sh into my CI pipeline as a pre-install check.
prompt 4
Summarize which npm and PyPI package versions I need to avoid right now.

Frequently asked questions

what is core-shai-hulud-mitigation fr?

A shell script toolkit that scans for and helps remediate the Shai-Hulud npm supply chain worm across your projects.

What language is core-shai-hulud-mitigation written in?

Mainly Shell. The stack also includes Shell, npm, GitHub CLI.

What license does core-shai-hulud-mitigation use?

No license file is mentioned in the README, so terms of reuse are unclear.

How hard is core-shai-hulud-mitigation to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is core-shai-hulud-mitigation for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.