
Graph the Planet: Shai-Hulud 2.0

ID: d454a9c4-ba6a-5d6e-949f-a3335553b386

STIX ID: report--d454a9c4-ba6a-5d6e-949f-a3335553b386

Feed Name: SpecterOps Blog

Threat Score: 85/100

Date Published: 2026-03-19

Date Updated: 2026-05-01


This report analyzes the Shai-Hulud 2.0 supply-chain worm campaign, which abused GitHub PWN requests and compromised tokens to infect writable NPM packages, propagate via semantic versioning, and exfiltrate developer credentials to thousands of public GitHub repositories. It decomposes the infection and propagation paths, highlights credential harvesting and public exfiltration at scale, and recommends defenses including secret scanning, rotating or avoiding long-lived tokens, and inventorying dependency chains.
