Shai-Hulud & the Nx Campaign: When Your Dependencies Turn Against You

Join Cameron Townshend, Principal Solutions Architect APJ at Sonatype, for a deep dive into one of the most significant modern software supply-chain threats: the Shai-Hulud npm worm and its connection to the Nx ecosystem.

This session unpacks how a single compromised maintainer account escalated into a self-replicating attack across hundreds of open-source packages—stealing tokens, cloud credentials, and CI secrets while spreading through poisoned package versions and automated workflows. Attendees will learn how the campaign evolved from earlier Nx-related activity, how the malware operates under the hood, and why traditional vulnerability approaches struggle against worm-style supply-chain attacks.

Through real-world timelines, technical analysis, and practical guidance, the webinar will show how to detect indicators of compromise, respond to active threats, and harden CI/CD pipelines, dependency management, and publishing practices to prevent similar incidents. Ideal for security leaders, DevOps teams, and engineering organizations, this session provides actionable strategies to protect modern development environments from rapidly evolving open-source supply-chain attacks.