Featured Zero-Day Report adds tracking for Shai-Hulud npm Supply Chain Attack - Sep 2025
We’ve expanded the Featured Zero-Day Report to include the Shai-Hulud npm supply chain attack, one of the largest compromises in the npm ecosystem to date.
This update enables Enterprise users to:
Identify exposure to compromised npm packages such as
ngx-bootstrap
and@ctrl/tinycolor.
Prioritize remediation and monitor progress directly in the Featured Zero-Day Report.
Improve visibility and accountability in zero-day response.
This addition strengthens visibility into high-impact zero-day events within Snyk Reports. By integrating the Shai-Hulud supply chain incident, customers can rapidly assess exposure, track remediation, and improve governance during ongoing threat response.
No manual action is required - data updates automatically as new advisories are published. However, running a new scan is recommended to ensure the latest results are reflected.
To learn more, visit the Featured Zero-Day Report documentation or read our blog post, Zero-day extensive NPM package compromise Shai Hulud Supply Chain Attack.

Noa Yaffe-Ermoza | Product Manager