TI Mindmap HUB
Threat Intelligence Report

npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry

๐Ÿ“… May 22, 2026 ๐Ÿ“ฐ socket.dev ๐Ÿ” 0 CVE(s) referenced

In response to a sweeping supply chain attack that compromised hundreds of npm packages, npm has invalidated all granular access tokens bypassing 2FA and introduced staged publishing to require human approval before releases go live, but fundamental risks in CI/CD workflows and trusted publishing remain unresolved.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

๐Ÿ” Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

๐Ÿ“Š Visual Mindmap
๐ŸŽฏ IOC Extraction
โš”๏ธ MITRE ATT&CK TTPs
๐Ÿ“ฆ STIX 2.1 Bundle