{
  "title": "shai_hulululud npm Package Uses Prompt Injection and Token Flooding to Disrupt AI Malware Scanners",
  "summary": "Socket identified shai_hulululud@1.0.48596 as a deliberately packed npm package that appears designed to probe or disrupt AI-assisted malware review with prompt-injection text, safety-triggering comments, context flooding, and obfuscated JavaScript.",
  "date": "2026-06-16",
  "severity": "medium",
  "tags": [
    "npm",
    "supply-chain",
    "ai-tools",
    "ai-assistants",
    "malicious-package",
    "anti-analysis"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "shai-hulululud-ai-scanner-disruption-package",
    "since": "2026-06-16T13:01:59Z",
    "until": "2026-06-16T23:59:59Z",
    "ecosystem": "",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [
      "https://registry.npmjs.org/shai_hulululud`",
      "https://registry.npmjs.org/shai_hulululud/-/shai_hulululud-1.0.48596.tgz`"
    ],
    "ips": [],
    "hashes": [
      "9dcce285116e31a5c8f8e3a4ed596a791e62c3e47185e4ee36c489422b1fbbbc",
      "8478bad8f0661d2a5ea65a8dc4bf86114f77d939"
    ],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}