Web News: The Shai‑Hulud Worm Attack (NPM Hack)
Episode Synopsis
In this episode of Web News, Matt and Mike dive into two massive worm attacks that recently hit npm, targeting packages used in millions of projects. While the attackers aimed to steal crypto wallet keys, the actual damage was small—but the implications are enormous. We break down how these man-in-the-middle attacks worked, why shadow dependencies are such a big risk, and what tools like pnpm’s minimum release age can do to help. We also discuss whether AI might allow developers to skip quick one-time npm packages entirely, reducing dependency sprawl and potential vulnerabilities.
Show Notes: https://www.htmlallthethings.com/podcast/the-shai-hulud-worm-attack-npm-hack