https://karmine05.github.io/dirtyfrag-blog/tags/npm/ Recent content in Npm on investigator's notes Hugo en-us Tue, 12 May 2026 08:00:00 -0400 https://karmine05.github.io/dirtyfrag-blog/posts/mini-shai-hulud-tanstack-supply-chain/ Tue, 12 May 2026 08:00:00 -0400 https://karmine05.github.io/dirtyfrag-blog/posts/mini-shai-hulud-tanstack-supply-chain/ CVE-2026-45321 is an active npm supply chain worm daemonizing on install and harvesting developer credentials across GitHub Actions, AWS, Vault, and Kubernetes. Full IoC set, Fleet detection tooling, and results from scanning 30 hosts — plus the critical gap in Fleet's npm table and why the deep scan scripts exist.