On May 13, TeamPCP published the Shai-Hulud worm source code on GitHub. MIT license. Full documentation. The worm that hit 323 npm packages, forged security certificates, and stole credentials from build pipelines is now a public repository anyone can fork. Since then: BreachForums (an underground cybercrime marketplace) started running a bounty challenge. Post proof of a successful supply chain attack using the code, earn reputation and status. Four independent copycat attacks confirmed within two weeks. Each one tweaked the payload but used the same propagation method. Steal an npm token, enumerate the victim’s packages, publish infected versions of all of them. Releasing attack tool source code isn’t new. Metasploit and every red team framework followed the same path. The difference: those target networks. This targets the software supply chain. The blast radius is every project that installs the compromised package, and every project downstream of that. The worm is public. The question is whether the defenses catch up before the copycats get creative.

A friend in IT security showed me how he uses AI to draft security questionnaire responses: He feeds it the asset inventory, compliance framework, and last year’s responses as context. Pastes the new questionnaire. First draft comes back in 90 seconds. Then he marks everything that’s technically true but misleadingly vague, tells it to rewrite those answers to be defensible under audit, and does a final pass verifying every factual claim against current state. Total time: 45 minutes for a questionnaire with 60 questions that used to take a full day. Most of the saved time is just not starting from a blank page.

How I built my 2026 dynasty rookie draft board, and the one place I overrode it. The model weights four things: draft capital and landing spot together at 40% (where a player got picked and the offense he landed in), college production at 30% (targets, air yards, broken tackles), athletic profile at 20%, and film consensus at 10%. It spat out Jeremiyah Love at 1.01 by a wide margin. Carnell Tate and Jordyn Tyson basically tied at 1.02 and 1.03. Then a tier cliff. At 1.04 I went off-script. Took Makai Lemon over the model's pick because I trusted his route running on film more than the numbers did. I'm logging it as a deviation no matter how it turns out. If he hits, the model needs to weight film heavier. If he busts, the model was right and I wasn't. Either way, I know.

npm finally shipped the thing everyone was asking for. Every package publish now goes through a staging queue. A human has to approve it with two factor authentication before it goes live. Shipped May 22, 2026. After 14 attacks in three months. Other changes since the attacks started: GitHub now offers OIDC token binding for build pipelines (your build system can prove its identity cryptographically instead of passing around secret tokens). pnpm v11 defaults to not running install scripts automatically (those scripts are how Shai-Hulud executed its payload). Sigstore is working on verification improvements after TeamPCP proved you could forge the certificates. What hasn’t changed: PyPI still has no staged publishing. npm’s staged publishing only covers new publishes, not updates to existing packages (which is how the Axios attack worked). And no registry scans for expired maintainer email domains. The registries moved. Just not fast enough.

The node-ipc attack used a vector most developers have never thought about: an expired domain. node-ipc is a popular npm package for communication between processes. The maintainer’s email domain expired. An attacker bought it for $12, used it to request a password reset on the npm account, and took full control of the package. From there they pushed a malicious version that exfiltrated environment variables (where developers store API keys and database passwords) via DNS TXT records. DNS exfiltration is almost invisible because DNS traffic rarely gets inspected by security tools. It looks identical to normal domain lookups. $12. One expired domain. Full control of a package installed by thousands of projects. The scary part: there is no centralized check for whether a package maintainer’s email domain is still active. Right now there could be hundreds of npm packages controlled by accounts with expired email domains. Nobody is scanning for this.

A buddy who manages infrastructure told me this one: His backup job ran nightly and reported success every time. It was backing up 14 of 15 servers. The 15th was right there in the config file. Nobody noticed for two years, because the success report said '14 servers' and nobody remembered it should say 15. The cause: a semicolon instead of a comma on line 47. The parser read everything after it as a comment. Here's what stuck with me. 'Job succeeded' and 'job did what you think it did' are not the same sentence. His monitoring confirmed the backup ran. It never confirmed the backup was complete. Two years of green checkmarks hiding one missing server. Check completeness, not just health. The blind spots don't raise their hand.

The Axios npm compromise in April wasn’t TeamPCP. It was North Korea. Axios is one of the most downloaded JavaScript libraries in the world. 70 million installs per week from npm (the JavaScript package registry). It handles HTTP requests in almost every Node.js application. Microsoft attributed the attack to Sapphire Sleet, a North Korean state group. They compromised a maintainer account, pushed a backdoor version, and 600,000 developers installed it within three hours before npm pulled it. The payload was a full remote access tool. Credential harvesting, keylogging, screen capture, persistent access across reboots. Not a crypto miner. A complete surveillance package backed by a nation state. This is what supply chain attacks look like in 2026. They don’t hack your network. They poison the code you voluntarily install.

Fourteen supply chain attacks on package registries since March. Three different threat actors. Two ecosystems. Over 500 poisoned packages. Package registries are where developers download the code libraries that power applications. npm handles JavaScript (2.1 million packages), PyPI handles Python (600K ). One poisoned package can compromise every project that installs it. The actors: TeamPCP built a worm called Shai-Hulud that forges security certificates to look legitimate. North Korea’s Sapphire Sleet group hijacked the Axios library (70 million weekly downloads) and backdoored 600K machines in three hours. Copycats are now recycling both playbooks on smaller targets. The tooling is public, the registries are still catching up, and npm only shipped mandatory human review for new publishes three weeks ago.