2.
Shai-Hulud malware hits 32 Red Hat cloud-services npm packages
A public malware toolkit was repurposed against Red Hat npm packages with about 80k weekly downloads, turning developer install scripts into credential-theft infrastructure
Setting a minimum release age is not enough if packages can still pull remote GitHub references, which pnpm can block with blockExoticSubdeps