Featured Zero-Day Report adds tracking for Shai-Hulud npm Supply Chain Attack - Sep 2025
We’ve expanded the Featured Zero-Day Report to include the Shai-Hulud npm supply chain attack, one of the largest compromises in the npm ecosystem to date.
This update enables Enterprise users to:
Identify exposure to compromised npm packages such as
ngx-bootstrapand@ctrl/tinycolor.Prioritize remediation and monitor progress directly in the Featured Zero-Day Report.
Improve visibility and accountability in zero-day response.
This addition strengthens visibility into high-impact zero-day events within Snyk Reports. By integrating the Shai-Hulud supply chain incident, customers can rapidly assess exposure, track remediation, and improve governance during ongoing threat response.
No manual action is required - data updates automatically as new advisories are published. However, running a new scan is recommended to ensure the latest results are reflected.
To learn more, visit the Featured Zero-Day Report documentation or read our blog post, Zero-day extensive NPM package compromise Shai Hulud Supply Chain Attack.
Noa Yaffe-Ermoza | Product Manager