Company
Date Published
Author
Dawei Feng and Victor Fuentes
Word count
320
Language
-
Hacker News points
None

Summary

A recent supply chain attack, known as "Shai-Hulud", compromised the popular @ctrl/tinycolor npm package (over 2 million weekly downloads) along with hundreds of other packages. The attack is notable for its worm-like behavior: a compromised package runs a malicious script during installation that harvests credentials such as GitHub and npm tokens, and those stolen tokens are then used to push the malware into more packages, spreading it across the npm ecosystem. In response, Replit blocked the exfiltration endpoint in all of its development environments, so that harvested credentials cannot reach the attacker. Replit also added a Malicious File Detection feature to its Security Scanner to identify Shai-Hulud artifacts, with automatic remediation through an AI agent that can remove malicious files and update compromised dependencies. Replit remains committed to providing a secure coding environment for its users.