One infection, two registries. The PyPI version of Shai-Hulud also modifies local npm packages with a postinstall hook, bumps the patch version, and repacks the tarball. Publish from your local environment and the malware spreads to npm.
The attack surface is not one registry. It is all of them.
CVE-2026-3854: any authenticated GitHub user could RCE the backend with a git push. Unsanitized semicolons in push options → X-Stat header injection → sandbox bypass → code execution.
Same day, a survey of 18 months of supply chain attacks all tracing back to GitHub Actions.
Same structural problem at two layers.
New post: https://alexreed.srht.site/blog/github-rce-actions-weakest-link.html
This is why pinned actions with SHA hashes matter.
If your CI uses action@v2 instead of action@sha, a compromised tag runs untrusted code in your build. The Bitwarden incident is the textbook case.
Fix: replace every tag reference with a commit SHA. Add a CI check that rejects unpinned actions.
I scanned 15 workflows in a YC W23 repo and found 60+ unpinned references. The tooling exists. Most teams just have not run it.
