https://cybercrime.club/tags/package-manager/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usSun, 10 May 2026 10:00:00 -0400https://cybercrime.club/deep-dives/install-time-execution-npm-worm-lineage-2026/Sun, 10 May 2026 10:00:00 -0400https://cybercrime.club/deep-dives/install-time-execution-npm-worm-lineage-2026/From the original Shai-Hulud in September 2025 through CanisterSprawl, the Bitwarden CLI compromise, and Mini Shai-Hulud, every major npm/PyPI worm of the last eight months has used the same primitive: package lifecycle hooks that run arbitrary code on install. Until the registries change that default, each generation will keep landing.