Skip to content

Instantly share code, notes, and snippets.

View aaroneast1's full-sized avatar
🏠
Working from home

Aaron aaroneast1

🏠
Working from home
14 followers · 14 following
View GitHub Profile
@aaroneast1
aaroneast1 / Shai-Hulud.md
Created September 22, 2025 07:34
Shai-Hulud NPM Worm Detection and Removal Guide

Shai-Hulud NPM Worm Detection and Removal Guide

Overview

The Shai-Hulud worm is a self-replicating malware that has compromised 500+ npm packages. It steals credentials, creates malicious GitHub repositories, and spreads automatically across the npm ecosystem. This guide provides step-by-step detection and removal instructions.

How I Detected the Infection

During a routine project update where I cleared npm dependency cache and updated my Dockerfile and GitHub workflow, my Docker build started hanging unexpectedly. Initially suspecting my Dockerfile changes, I reverted them but the issue persisted. This suspicious behavior led me to investigate npm-related issues, where I discovered news about the Shai-Hulud worm infecting 500+ packages. Upon checking, I found several compromised packages in my project dependencies.

@aaroneast1
aaroneast1 / keybase.md
Created October 4, 2019 08:46

Keybase proof

I hereby claim:

  • I am aaroneast1 on github.
  • I am aaroncloud (https://keybase.io/aaroncloud) on keybase.
  • I have a public key ASAP2xOpmLbU2t0kkyeLcnHlcGNGe2pcZ3HT2nGPc9bkywo

To claim this, I am signing this object:

@aaroneast1
aaroneast1 / rpm-digital-signature.sh
Created November 2, 2017 14:20 — forked from fernandoaleman/rpm-digital-signature.sh
How to sign your custom RPM package with GPG key
# How to sign your custom RPM package with GPG key
# Step: 1
# Generate gpg key pair (public key and private key)
#
# You will be prompted with a series of questions about encryption.
# Simply select the default values presented. You will also be asked
# to create a Real Name, Email Address and Comment (comment optional).
#
# If you get the following response: