Write Code With Less Legal Risk | Legal Expert MCP Server
https://www.reddit.com/r/programming/comments/1nhek3s/write_code_with_less_legal_risk_legal_expert_mcp/
Hello everyone, As a software engineer I’ve often noticed devs run into the same issue: they don’t know the legal landscape when creating a new app or business idea. I faced this problem many times. Since I used to be an attorney, I consolidated my knowledge into a legal expert MCP server.

It exposes these prompts:
  legal_landscape_discovery
  comprehensive_privacy_audit
  ai_ethics_and_compliance_scan
  intellectual_property_and_oss_audit
  market_and_customer_compliance_audit
  website_and_app_legal_disclosure_check
  security_legal_alignment_check
  risk_analysis_framework
  legal_expert_prompts_catalog

It’s the first version, but I wanted to share. I’m not here to self-promote. I just wanted to create something that will help other devs. If you’re interested, let me know and I’ll DM you the GitHub repo. Feel free to fork or extend it. (Works with VS Code GitHub Copilot and Cursor as slash commands with arguments. There’s currently a bug with MCP prompts in Claude Code.)

Necessary Disclaimer: This MCP server produces informational analyses only. It is not legal advice, I take no responsibility for any legal or compliance consequences, and you use it entirely at your own risk given the inherent limitations and hallucinations of LLMs.

submitted by /u/DimWebDev (https://www.reddit.com/user/DimWebDev)
[link] (https://github.com/DimWebDev/legal_expert_mcp_server) [comments] (https://www.reddit.com/r/programming/comments/1nhek3s/write_code_with_less_legal_risk_legal_expert_mcp/)
Why you should care about the JDBC fetch size
https://www.reddit.com/r/programming/comments/1nhjby7/why_you_should_care_about_the_jdbc_fetch_size/
submitted by /u/Active-Fuel-49 (https://www.reddit.com/user/Active-Fuel-49)
[link] (https://in.relation.to/2025/01/24/jdbc-fetch-size/) [comments] (https://www.reddit.com/r/programming/comments/1nhjby7/why_you_should_care_about_the_jdbc_fetch_size/)
Rye Tables vs Python/Pandas: A Different Way to Wrangle Data
https://www.reddit.com/r/programming/comments/1nhjk44/rye_tables_vs_pythonpandas_a_different_way_to/
submitted by /u/symbolicard (https://www.reddit.com/user/symbolicard)
[link] (https://ryelang.org/blog/posts/comparing_tables_to_python/) [comments] (https://www.reddit.com/r/programming/comments/1nhjk44/rye_tables_vs_pythonpandas_a_different_way_to/)
Hosting a website on a disposable vape
https://www.reddit.com/r/programming/comments/1nhs5ti/hosting_a_website_on_a_disposable_vape/
submitted by /u/iamkeyur (https://www.reddit.com/user/iamkeyur)
[link] (https://bogdanthegeek.github.io/blog/projects/vapeserver/) [comments] (https://www.reddit.com/r/programming/comments/1nhs5ti/hosting_a_website_on_a_disposable_vape/)
Algebraic Types are not Scary, Actually
https://www.reddit.com/r/programming/comments/1nhw43z/algebraic_types_are_not_scary_actually/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://blog.aiono.dev/posts/algebraic-types-are-not-scary,-actually.html) [comments] (https://www.reddit.com/r/programming/comments/1nhw43z/algebraic_types_are_not_scary_actually/)
The E Language
https://www.reddit.com/r/programming/comments/1nhw4ml/the_e_language/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (http://erights.org/elang/index.html) [comments] (https://www.reddit.com/r/programming/comments/1nhw4ml/the_e_language/)
React Won by Default – And It's Killing Frontend Innovation
https://www.reddit.com/r/programming/comments/1nhw51a/react_won_by_default_and_its_killing_frontend/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.lorenstew.art/blog/react-won-by-default/) [comments] (https://www.reddit.com/r/programming/comments/1nhw51a/react_won_by_default_and_its_killing_frontend/)
Smalltalk and Lambda Calculus
https://www.reddit.com/r/programming/comments/1nhw59d/smalltalk_and_lambda_calculus/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://blog.ielliott.io/smalltalk-and-lambda-calculus) [comments] (https://www.reddit.com/r/programming/comments/1nhw59d/smalltalk_and_lambda_calculus/)
Protecting Rust against supply chain attacks
https://www.reddit.com/r/programming/comments/1nhw5qd/protecting_rust_against_supply_chain_attacks/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://kerkour.com/rust-supply-chain-attacks) [comments] (https://www.reddit.com/r/programming/comments/1nhw5qd/protecting_rust_against_supply_chain_attacks/)
The pirate-based logic of Rust shared references
https://www.reddit.com/r/programming/comments/1nhw5s3/the_piratebased_logic_of_rust_shared_references/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (http://ais523.me.uk/blog/logic-of-shared-references.html) [comments] (https://www.reddit.com/r/programming/comments/1nhw5s3/the_piratebased_logic_of_rust_shared_references/)
Rendezvous Hashing Explained
https://www.reddit.com/r/programming/comments/1nhw5x1/rendezvous_hashing_explained/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://randorithms.com/2020/12/26/rendezvous-hashing.html) [comments] (https://www.reddit.com/r/programming/comments/1nhw5x1/rendezvous_hashing_explained/)
Infinite Relations
https://www.reddit.com/r/programming/comments/1nhw64v/infinite_relations/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://buttondown.com/jaffray/archive/infinite-relations/) [comments] (https://www.reddit.com/r/programming/comments/1nhw64v/infinite_relations/)
PythonBPF – Writing eBPF Programs in Pure Python
https://www.reddit.com/r/programming/comments/1nhw6x9/pythonbpf_writing_ebpf_programs_in_pure_python/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://xeon.me/gnome/pythonbpf/) [comments] (https://www.reddit.com/r/programming/comments/1nhw6x9/pythonbpf_writing_ebpf_programs_in_pure_python/)
Analyzing the memory ordering models of the Apple M1
https://www.reddit.com/r/programming/comments/1nhw8mn/analyzing_the_memory_ordering_models_of_the_apple/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.sciencedirect.com/science/article/pii/S1383762124000390) [comments] (https://www.reddit.com/r/programming/comments/1nhw8mn/analyzing_the_memory_ordering_models_of_the_apple/)
Writing an operating system kernel from scratch
https://www.reddit.com/r/programming/comments/1nhw8tv/writing_an_operating_system_kernel_from_scratch/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://popovicu.com/posts/writing-an-operating-system-kernel-from-scratch/) [comments] (https://www.reddit.com/r/programming/comments/1nhw8tv/writing_an_operating_system_kernel_from_scratch/)
Highlights from Git 2.51
https://www.reddit.com/r/programming/comments/1nhw9wf/highlights_from_git_251/
submitted by /u/initcommit (https://www.reddit.com/user/initcommit)
[link] (https://github.blog/open-source/git/highlights-from-git-2-51/) [comments] (https://www.reddit.com/r/programming/comments/1nhw9wf/highlights_from_git_251/)
RIP pthread_cancel
https://www.reddit.com/r/programming/comments/1nhwagp/rip_pthread_cancel/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://eissing.org/icing/posts/rip_pthread_cancel/) [comments] (https://www.reddit.com/r/programming/comments/1nhwagp/rip_pthread_cancel/)
Adaptive Programming Systems for Humans and AI
https://www.reddit.com/r/programming/comments/1nibk9s/adaptive_programming_systems_for_humans_and_ai/
Just like buildings, software must be built to evolve. My new article explores the challenges that arise when humans and AI collaborate on programming and how we can mitigate these issues to create a more resilient ecosystem. https://gfrison.com/2025/adaptive-programming-systems

submitted by /u/gfrison (https://www.reddit.com/user/gfrison)
[link] (https://gfrison.com/2025/adaptive-programming-systems) [comments] (https://www.reddit.com/r/programming/comments/1nibk9s/adaptive_programming_systems_for_humans_and_ai/)
Self-replicating worm like behaviour in latest npm Supply Chain Attack
https://www.reddit.com/r/programming/comments/1niehal/selfreplicating_worm_like_behaviour_in_latest_npm/
We are investigating another npm supply chain attack. However, this one seems to be particularly interesting. Malicious payloads include:
  Credential stealing using trufflehog, scanning the entire filesystem
  Exposing GitHub private repositories
  AWS credential stealing

Most surprisingly, we are observing self-replicating worm-like behaviour if npm tokens are found in .npmrc and the affected user has packages published to npm. Exposed GitHub repositories can be searched here (https://github.com/search?q=%22Shai-Hulud+Migration%22&type=repositories&s=updated&o=desc). Take immediate action if you are impacted. Full technical details here (https://safedep.io/npm-supply-chain-attack-targeting-maintainers/).

submitted by /u/N1ghtCod3r (https://www.reddit.com/user/N1ghtCod3r)
[link] (https://safedep.io/npm-supply-chain-attack-targeting-maintainers/) [comments] (https://www.reddit.com/r/programming/comments/1niehal/selfreplicating_worm_like_behaviour_in_latest_npm/)
Crowdstrike Packages Infected with Malware (and other 167 packages infected as well)
https://www.reddit.com/r/programming/comments/1nihrpt/crowdstrike_packages_infected_with_malware_and/
sigh.... Kinda getting sick of writing these, absolutely insane the pace of supply chain attacks anyway...

The same threat actors behind the NX S1ngularity attack have launched a self-replicating worm; it's infected 187 packages and it's terrifying. Yesterday a software developer, Daniel Pereira (https://www.linkedin.com/in/daniel-pereira-b17a27160/), noticed a weird repo being created.... When he looked into it he was the first to realize that tinycolor (https://www.npmjs.com/package/@ctrl/tinycolor) was actually infected with malware. He reached out to multiple people; no one took him seriously until he reached out to Socket, who discovered that 40 packages were compromised (https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages). Fun story, a little concerning, but honestly this happens a lot so it's not crazy.... But then it got worse, so much worse. When I woke up, our lead researcher Charlie Erikson had discovered that actually a total of 187 packages were compromised (147 more than Socket had reported), 20 of which were from Crowdstrike.

What does the worm do
  Harvest: scans the host and CI environment for secrets — process.env, scanning with TruffleHog, and cloud metadata endpoints (AWS/GCP) that return instance/service credentials.
  Exfiltrate (1) — GitHub repo: creates a repo named Shai-Hulud under the compromised account and commits a JSON dump containing system info, environment variables, and collected secrets.
  Exfiltrate (2) — GitHub Actions → webhook: drops a workflow .github/workflows/shai-hulud-workflow.yml that serializes ${{ toJSON(secrets) }}, POSTs them to an attacker webhook[.]site URL and writes a double-base64 copy into the Actions logs.
  Propagate: uses any valid npm tokens it finds to enumerate and attempt to update packages the compromised maintainer controls (supply-chain propagation).
  Amplify: iterates the victim’s accessible repositories, making them public or adding the workflow/branch that will trigger further runs and leaks.

It's already turned 700 previously private repositories public (https://github.com/search?q=Shai-Hulud+Migration&ref=opensearch&type=repositories&s=updated&o=asc). This number will go down as they are removed by maintainers. If you remember the S1ngularity breach, this is the exact same type of attacker and 100% the same attackers. The questions I have from that attack remain.... I have no idea why they are exfiltrating secrets to public GitHub repos and not private C2 servers (other than to cause chaos). The malicious versions have since been removed by Crowdstrike's account.

Here is a total list of the packages compromised and their versions:
@ahmedhfarag/ngx-perfect-scrollbar 20.0.20
@ahmedhfarag/ngx-virtual-scroller 4.0.4
@art-ws/common 2.0.28
@art-ws/config-eslint 2.0.4, 2.0.5
@art-ws/config-ts 2.0.7, 2.0.8
@art-ws/db-context 2.0.24
@art-ws/di 2.0.28, 2.0.32
@art-ws/di-node 2.0.13
@art-ws/eslint 1.0.5, 1.0.6
@art-ws/fastify-http-server 2.0.24, 2.0.27
@art-ws/http-server 2.0.21, 2.0.25
@art-ws/openapi 0.1.9, 0.1.12
@art-ws/package-base 1.0.5, 1.0.6
@art-ws/prettier 1.0.5, 1.0.6
@art-ws/slf 2.0.15, 2.0.22
@art-ws/ssl-info 1.0.9, 1.0.10
@art-ws/web-app 1.0.3, 1.0.4
@crowdstrike/commitlint 8.1.1, 8.1.2
@crowdstrike/falcon-shoelace 0.4.1, 0.4.2
@crowdstrike/foundry-js 0.19.1, 0.19.2
@crowdstrike/glide-core 0.34.2, 0.34.3
@crowdstrike/logscale-dashboard 1.205.1, 1.205.2
@crowdstrike/logscale-file-editor 1.205.1, 1.205.2
@crowdstrike/logscale-parser-edit 1.205.1, 1.205.2
@crowdstrike/logscale-search 1.205.1, 1.205.2
@crowdstrike/tailwind-toucan-base 5.0.1, 5.0.2
@ctrl/deluge 7.2.1, 7.2.2
@ctrl/golang-template 1.4.2, 1.4.3
@ctrl/magnet-link 4.0.3, 4.0.4
@ctrl/ngx-codemirror 7.0.1, 7.0.2
@ctrl/ngx-csv 6.0.1, 6.0.2
@ctrl/ngx-emoji-mart 9.2.1, 9.2.2
@ctrl/ngx-rightclick 4.0.1, 4.0.2
@ctrl/qbittorrent 9.7.1, 9.7.2
@ctrl/react-adsense 2.0.1, 2.0.2
@ctrl/shared-torrent 6.3.1, 6.3.2
@ctrl/tinycolor 4.1.1, 4.1.2
@ctrl/torrent-file 4.1.1, 4.1.2
@ctrl/transmission 7.3.1
@ctrl/ts-base32 4.0.1, 4.0.2
@hestjs/core 0.2.1
@hestjs/cqrs 0.1.6
@hestjs/demo 0.1.2
@hestjs/eslint-config 0.1.2
@hestjs/logger 0.1.6
@hestjs/scalar 0.1.7
@hestjs/validation 0.1.6
@nativescript-community/arraybuffers 1.1.6, 1.1.7, 1.1.8
@nativescript-community/gesturehandler 2.0.35
@nativescript-community/perms 3.0.5, 3.0.6, 3.0.7, 3.0.8
@nativescript-community/sqlite 3.5.2, 3.5.3, 3.5.4, 3.5.5
@nativescript-community/text 1.6.9, 1.6.10, 1.6.11, 1.6.12
@nativescript-community/typeorm 0.2.30, 0.2.31, 0.2.32, 0.2.33
@nativescript-community/ui-collectionview 6.0.6
@nativescript-community/ui-document-picker 1.1.27, 1.1.28
@nativescript-community/ui-drawer 0.1.30
@nativescript-community/ui-image 4.5.6
@nativescript-community/ui-label 1.3.35, 1.3.36, 1.3.37
@nativescript-community/ui-material-bottom-navigation 7.2.72, 7.2.73, 7.2.74, 7.2.75
@nativescript-community/ui-material-bottomsheet 7.2.72
@nativescript-community/ui-material-core 7.2.72, 7.2.73, 7.2.74, 7.2.75
@nativescript-community/ui-material-core-tabs 7.2.72, 7.2.73, 7.2.74, 7.2.75
@nativescript-community/ui-material-ripple 7.2.72, 7.2.73, 7.2.74, 7.2.75
@nativescript-community/ui-material-tabs 7.2.72, 7.2.73, 7.2.74, 7.2.75
@nativescript-community/ui-pager 14.1.36, 14.1.37, 14.1.38
@nativescript-community/ui-pulltorefresh 2.5.4, 2.5.5, 2.5.6, 2.5.7
@nexe/config-manager 0.1.1
@nexe/eslint-config 0.1.1
@nexe/logger 0.1.3
@nstudio/angular 20.0.4, 20.0.5, 20.0.6
@nstudio/focus 20.0.4, 20.0.5, 20.0.6
@nstudio/nativescript-checkbox 2.0.6, 2.0.7, 2.0.8, 2.0.9
@nstudio/nativescript-loading-indicator 5.0.1, 5.0.2, 5.0.3, 5.0.4
@nstudio/ui-collectionview 5.1.11, 5.1.12, 5.1.13, 5.1.14
@nstudio/web 20.0.4
@nstudio/web-angular 20.0.4
@nstudio/xplat 20.0.5, 20.0.6, 20.0.7
@nstudio/xplat-utils 20.0.5, 20.0.6, 20.0.7
@operato/board 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46
@operato/data-grist 9.0.29, 9.0.35, 9.0.36, 9.0.37
@operato/graphql 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46
@operato/headroom 9.0.2, 9.0.35, 9.0.36, 9.0.37
@operato/help 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46
@operato/i18n 9.0.35, 9.0.36, 9.0.37
@operato/input 9.0.27, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46
@operato/layout 9.0.35, 9.0.36, 9.0.37
@operato/popup 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46
@operato/pull-to-refresh 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42
@operato/shell 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39
@operato/styles 9.0.2, 9.0.35, 9.0.36, 9.0.37
@operato/utils 9.0.22, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46
@teselagen/bounce-loader 0.3.16, 0.3.17
@teselagen/liquibase-tools 0.4.1
@teselagen/range-utils 0.3.14, 0.3.15
@teselagen/react-list 0.8.19, 0.8.20
@teselagen/react-table 6.10.19
@thangved/callback-window 1.1.4
@things-factory/attachment-base 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50
@things-factory/auth-base 9.0.43, 9.0.44, 9.0.45
@things-factory/email-base 9.0.42, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.47, 9.0.48, 9.0.49, 9.0.50, 9.0.51, 9.0.52, 9.0.53, 9.0.54
@things-factory/env 9.0.42, 9.0.43, 9.0.44, 9.0.45
@things-factory/integration-base 9.0.43, 9.0.44, 9.0.45
@things-factory/integration-marketplace 9.0.43, 9.0.44, 9.0.45
@things-factory/shell 9.0.43, 9.0.44, 9.0.45
@tnf-dev/api 1.0.8
@tnf-dev/core 1.0.8
@tnf-dev/js
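A defensive check for the two indicators the two Shai-Hulud posts above describe (compromised package@version pairs in a project's dependency tree, and the dropped workflow file), as an added example that is not code from either post, from Socket, or from any affected project. It assumes an npm package-lock.json in either the v1 ("dependencies" tree) or v2/v3 ("packages" map) layout; the IoC table is a partial transcription of a few entries from the list in the post and must be extended from the full advisory before use, and the sample lockfile is constructed for illustration.

```python
"""Audit an npm lockfile and a repo checkout for the Shai-Hulud indicators
named in the posts above. Added example, not code from the posts."""
import json
from pathlib import Path

# Partial (name -> versions) table transcribed from the post's list; extend it
# from the full advisory before relying on it.
COMPROMISED = {
    "@ctrl/tinycolor": {"4.1.1", "4.1.2"},
    "@ctrl/deluge": {"7.2.1", "7.2.2"},
    "@crowdstrike/commitlint": {"8.1.1", "8.1.2"},
    "@crowdstrike/foundry-js": {"0.19.1", "0.19.2"},
    "@art-ws/common": {"2.0.28"},
    "@nstudio/xplat": {"20.0.5", "20.0.6", "20.0.7"},
}

# Workflow path the post says the worm drops into victim repositories.
MALICIOUS_WORKFLOW = ".github/workflows/shai-hulud-workflow.yml"


def lockfile_packages(lock):
    """Yield (name, version) for every installed package in a package-lock.json.

    v2/v3 lockfiles keep a flat "packages" map keyed by install path
    ("node_modules/a/node_modules/@scope/b"); v1 lockfiles nest a
    "dependencies" tree. Both are handled so nested copies are not missed."""
    pkgs = lock.get("packages")
    if pkgs:
        for path, meta in pkgs.items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            # Explicit "name" covers aliased installs; otherwise take the
            # segment after the last "node_modules/".
            name = meta.get("name") or path.split("node_modules/")[-1]
            yield name, meta.get("version")
        return

    def walk(deps):
        for name, meta in (deps or {}).items():
            yield name, meta.get("version")
            yield from walk(meta.get("dependencies"))

    yield from walk(lock.get("dependencies"))


def find_compromised(lock, iocs=COMPROMISED):
    """Return sorted (name, version) pairs from the lockfile that match the IoC table."""
    hits = {
        (name, version)
        for name, version in lockfile_packages(lock)
        if version in iocs.get(name, ())
    }
    return sorted(hits)


def find_malicious_workflow(repo_root):
    """True if the worm's workflow file exists under repo_root."""
    return Path(repo_root, MALICIOUS_WORKFLOW).is_file()


def audit_lockfile_path(path, iocs=COMPROMISED):
    """Load a package-lock.json from disk and audit it."""
    with open(path, encoding="utf-8") as fh:
        return find_compromised(json.load(fh), iocs)


# Constructed sample lockfile (v3 layout): one clean package, one compromised
# top-level package, one compromised nested copy, and one older clean version.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/@ctrl/tinycolor": {"version": "4.1.2"},
        "node_modules/foo/node_modules/@crowdstrike/foundry-js": {"version": "0.19.1"},
        "node_modules/@ctrl/deluge": {"version": "7.1.0"},
    },
}

if __name__ == "__main__":
    for name, version in find_compromised(SAMPLE_LOCK):
        print(f"COMPROMISED: {name}@{version}")
    print("workflow IoC present:", find_malicious_workflow("."))
```

Matching on exact (name, version) pairs rather than on package name alone keeps the audit from flagging the many clean releases of these packages; the nested-path handling matters because a transitive dependency can pull in a compromised version even when the top-level entry is clean.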