Featured Zero-Day Report adds tracking for Shai-Hulud npm Supply Chain Attack - Sep 2025

Improved

We’ve expanded the Featured Zero-Day Report to include the Shai-Hulud npm supply chain attack, one of the largest compromises in the npm ecosystem to date.

This update enables Enterprise users to:

  • Identify exposure to compromised npm packages such as ngx-bootstrap and @ctrl/tinycolor.

  • Prioritize remediation and monitor progress directly in the Featured Zero-Day Report.

  • Improve visibility and accountability in zero-day response.

This addition strengthens visibility into high-impact zero-day events within Snyk Reports. By integrating the Shai-Hulud supply chain incident, customers can rapidly assess exposure, track remediation, and improve governance during ongoing threat response.

No manual action is required - data updates automatically as new advisories are published. However, running a new scan is recommended to ensure the latest results are reflected.

To learn more, visit the Featured Zero-Day Report documentation or read our blog post, Zero-day extensive NPM package compromise Shai Hulud Supply Chain Attack.

Noa Yaffe-Ermoza | Product Manager