317 npm packages compromised in supply chain attack targeting AI tools

safedep.io

317 npm packages were compromised via the account 'atool' in a 22-minute burst. The malware (Mini Shai-Hulud) targets credentials and AI tools like Claude Code and Codex, injecting persistence into developer environments.

npmSupply chain

safedep.io·via Hacker News·Discuss

28 days ago