shai_hulululud npm Package Uses Prompt Injection and Token Flooding to Disrupt AI Malware Scanners
Suspected | Discovered Jun 16, 2026
Socket identified shai_hulululud@1.0.48596 as a deliberately packed npm package that appears designed to probe or disrupt AI-assisted malware review with prompt-injection text, safety-triggering comments, context flooding, and obfuscated JavaScript.
1 Affected Packages | 9 Observables | 3 Sources
Timeline
| Date | Event | Description | Source |
|---|---|---|---|
| Jun 16, 2026 | Fresh source review | Reviewed direct and primary sources for the last-two-weeks supply-chain refresh; this preview intentionally excludes older Halting Problems article data. | Direct source |
Affected Software
| Package | Ecosystem | Version Range | Status | Confidence | Source |
|---|---|---|---|---|---|
| shai_hulululud | npm | 1.0.48596 | Malicious | 90% | Direct source |
IOC Clipboard
9 IOCs
Provenance & Sources
| Source | Type | Reliability | Claims | Evidence |
|---|---|---|---|---|
| Direct source | direct | 95% | 1 | https://registry.npmjs.org/shai_hulululud |
| Direct source | direct | 95% | 1 | https://registry.npmjs.org/shai_hulululud/-/shai_hulululud-1.0.48596.tgz |
| Primary research | primary research | 95% | 1 | https://socket.dev/blog/npm-package-uses-prompt-injection-and-token-flooding-to-disrupt-ai-malware-scanners |