Why does this keep happening?
Tags: Supply chain attack, npm security, GitHub Actions, Shai-Hulud worm, TanStack, Cache poisoning, Package manager security, Cybersecurity, Dev containers, pnpm, Web security, Development tools
Scott and Wes analyze the Mini Shai-Hulud supply chain attack that compromised TanStack and other npm packages through GitHub Actions cache poisoning, creating a self-propagating worm that stole credentials via Claude Code hooks and VS Code tasks. The video covers attack mechanics and practical defenses including pnpm security defaults and dev containers. Ideal for JavaScript/TypeScript developers using npm and GitHub Actions.