{question}
Has SingleStore been affected by the Shai-Hulud 2.0 malware?
{question}
{answer}
The Shai Hulud Worm 2.0 is a self-propagating malware campaign targeting the npm ecosystem, where compromised npm packages automatically infect other packages by stealing authentication tokens, modifying source code, and publishing malicious versions—spreading the attack across developers and repositories like a worm.
SingleStore upholds strict security standards, including comprehensive supply-chain vetting within our software development lifecycle. Following a thorough review, at the time of this bulletin we confirmed that no affected components are present in any of our product software, be it SingleStore Helios or Self-managed.
Out of due diligence, SingleStore has deployed additional security measures in its CI and has increased monitoring efforts to focus on early detection and prevention of any supply-chain –related anomalies.
This bulletin is provided for informational purposes only.
No action is required from SingleStore customers.
{answer}