{"id":25193,"date":"2025-11-25T20:16:16","date_gmt":"2025-11-25T20:16:16","guid":{"rendered":"https:\/\/pokecon.jp\/job\/?p=25193"},"modified":"2025-11-25T20:16:16","modified_gmt":"2025-11-25T20:16:16","slug":"%e5%81%bd%e3%81%aebun%e3%83%a9%e3%83%b3%e3%82%bf%e3%82%a4%e3%83%a0%e3%81%a7%e3%82%8f%e3%81%9a%e3%81%8b%e6%95%b0%e6%99%82%e9%96%93%e3%81%a71000%e5%80%8b%e4%bb%a5%e4%b8%8a%e3%81%aenpm%e3%83%91%e3%83%83","status":"publish","type":"post","link":"https:\/\/pokecon.jp\/job\/25193\/","title":{"rendered":"\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 – GIGAZINE"},"content":{"rendered":"\n<\/p>\n
<\/p>\n

<\/p>\n

\"\"\/<\/a><\/p>\n

\n
\u73fe\u5730\u6642\u9593\u306e2025\u5e7411\u670824\u65e5\u3001\u30b5\u30d7\u30e9\u30a4\u30c1\u30a7\u30fc\u30f3\u30de\u30eb\u30a6\u30a7\u30a2\u3084\u8106\u5f31(\u305c\u3044\u3058\u3083\u304f)\u6027\u306b\u95a2\u3059\u308b\u7814\u7a76\u3092\u884c\u3046\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u6240\u3067\u3042\u308bHelixGuard<\/a><\/b>\u304c\u3001NPM\u30ec\u30b8\u30b9\u30c8\u30ea\u5185\u306e1000\u3092\u8d85\u3048\u308b\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u304c\u3001\u6570\u6642\u9593\u4ee5\u5185\u306b\u540c\u3058\u624b\u6cd5\u3067\u6539\u3056\u3093\u3055\u308c\u305f\u3053\u3068\u3092\u691c\u51fa\u3057\u307e\u3057\u305f\u3002\u6539\u3056\u3093\u3055\u308c\u305f\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306f\u300cBun<\/a><\/b>\u30e9\u30f3\u30bf\u30a4\u30e0\u3092\u5c0e\u5165\u3059\u308b\u300d\u3068\u3044\u3046\u865a\u507d\u306e\u4e3b\u5f35\u3092\u884c\u3063\u3066\u304a\u308a\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3084\u96e3\u8aad\u5316\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u304c\u8ffd\u52a0\u3055\u308c\u3066\u3044\u305f\u3053\u3068\u3082\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n

Shai-Hulud Returns: Over 1K NPM Packages and 27K+ Github Repos infected via Fake Bun Runtime Within Hours \u2014 HelixGuard<\/b>
https:\/\/helixguard.ai\/blog\/malicious-sha1hulud-2025-11-24<\/a><\/b><\/p>\n

\"\"\/<\/a><\/p>\n

\n
HelixGuard\u306b\u3088\u308b\u3068\u3001NPM\u30ec\u30b8\u30b9\u30c8\u30ea\u5185\u306e1000\u3092\u8d85\u3048\u308b\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u304c\u308f\u305a\u304b\u6570\u6642\u9593\u3067\u540c\u3058\u624b\u6cd5\u3092\u7528\u3044\u3066\u6539\u3056\u3093\u3055\u308c\u305f\u305d\u3046\u3067\u3059\u3002NPM\u30ec\u30b8\u30b9\u30c8\u30ea\u5185\u306e\u6539\u3056\u3093\u3055\u308c\u305f\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306f\u3001\u300cBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3092\u5c0e\u5165\u3059\u308b\u300d\u3068\u3044\u3046\u865a\u507d\u306e\u4e3b\u5f35\u3092\u3057\u3066\u304a\u308a\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3068\u96e3\u8aad\u5316\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb(bun_environment.js)\u304c\u8ffd\u52a0\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n

\u8ffd\u52a0\u3055\u308c\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u304c\u4ee5\u4e0b\u3002<\/p>\n

preinstall: node setup_bun.js<\/code><\/pre>\n
\n
\u96e3\u8aad\u5316\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u3067\u3042\u308b\u300cbun_environment.js\u300d\u306f\u60aa\u610f\u306e\u3042\u308bJavaScript\u30d5\u30a1\u30a4\u30eb\u3067\u3001\u30b5\u30a4\u30ba\u306f10MB\u3092\u8d85\u3048\u3066\u304a\u308a\u3001\u60c5\u5831\u7a83\u53d6\u306e\u305f\u3081\u306e\u81a8\u5927\u306a\u30ed\u30b8\u30c3\u30af\u304c\u7d44\u307f\u8fbc\u307e\u308c\u3066\u3044\u308b\u3068\u306e\u3053\u3068\u3002
\n<\/p>\n
\u3053\u306e\u96e3\u8aad\u5316\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u304c\u5b9f\u884c\u3055\u308c\u308b\u3068\u3001\u30de\u30eb\u30a6\u30a7\u30a2\u306fGit\u30ea\u30dd\u30b8\u30c8\u30ea\u304b\u3089\u30af\u30ec\u30c7\u30f3\u30b7\u30e3\u30eb<\/a><\/b>\u304c\u30b3\u30df\u30c3\u30c8\u3055\u308c\u3066\u3044\u306a\u3044\u304b\u3092\u81ea\u52d5\u7684\u306b\u691c\u67fb\u3059\u308b\u30c4\u30fc\u30eb\u306eTruffleHog<\/a><\/b>\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066\u5b9f\u884c\u3057\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u30ed\u30fc\u30ab\u30eb\u30de\u30b7\u30f3\u304b\u3089npm\u30c8\u30fc\u30af\u30f3\u3084AWS\u3084Google Cloud\u3001Azure\u306a\u3069\u306e\u8cc7\u683c\u60c5\u5831\u3001\u74b0\u5883\u5909\u6570\u306a\u3069\u306e\u6a5f\u5bc6\u60c5\u5831\u3092\u76d7\u3080\u305d\u3046\u3067\u3059\u3002<\/p>\n
\u307e\u305f\u3001\u60aa\u610f\u306e\u3042\u308b\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u73fe\u5728\u306e\u74b0\u5883\u306b\u3042\u308bnpm\u306e\u8a2d\u5b9a\u306b\u57fa\u3065\u3044\u3066\u300cpackage.json\u300d\u3092\u6539\u5909\u3059\u308b\u3053\u3068\u3067\u3001\u300csetup_bun.js\u300d\u3068\u300cbun_environment.js\u300d\u3092\u633f\u5165\u3057\u307e\u3059\u3002\u305d\u306e\u5f8c\u3001\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3092\u518d\u30d1\u30c3\u30b1\u30fc\u30b8\u5316\u3057\u3001\u76d7\u307e\u308c\u305f\u30c8\u30fc\u30af\u30f3\u3092\u4f7f\u3063\u3066\u300cnpm publish\u300d\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3067\u3001\u30ef\u30fc\u30e0\u306e\u3088\u3046\u306b\u81ea\u5df1\u5897\u6b96\u7684\u306b\u62e1\u6563\u3057\u307e\u3059\u3002<\/p>\n
\u60aa\u610f\u306e\u3042\u308b\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u76d7\u307f\u51fa\u3057\u305f\u6a5f\u5bc6\u60c5\u5831\u3092\u9001\u4fe1\u3059\u308b\u305f\u3081\u306b\u3001\u300c.github\/workflows\/formatter_123456789.yml\u300d\u3068\u3044\u3046\u540d\u524d\u306e\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u3001\u300cSHA1HULUD\u300d\u3068\u3044\u3046\u540d\u524d\u306eGitHub Actions\u306e\u30e9\u30f3\u30ca\u30fc\u3092\u4f5c\u6210\u3002\u3053\u306e\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u3092\u901a\u3058\u3066\u30ea\u30dd\u30b8\u30c8\u30ea\u306e\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u3092\u4e8c\u91cd\u306eBase64\u30a8\u30f3\u30b3\u30fc\u30c9\u3067\u51e6\u7406\u3057\u3001\u300cactionsSecrets.json\u300d\u306b\u307e\u3068\u3081\u3066\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/p>\n
\"\"\/<\/a><\/p>\n
\n
\u305d\u3057\u3066\u3001\u300cSha1-Hulud: The Second Coming\u300d\u3068\u3044\u3046\u8aac\u660e\u6587\u3092\u6301\u3063\u305fGitHub\u30ea\u30dd\u30b8\u30c8\u30ea\u3092\u751f\u6210\u3057\u307e\u3059\u3002\u3053\u306e\u540d\u79f0\u3092\u6301\u3063\u305fGitHub\u30ea\u30dd\u30b8\u30c8\u30ea\u306f\u8a18\u4e8b\u4f5c\u6210\u6642\u70b9\u30672\u4e077000\u4ee5\u4e0a\u5b58\u5728\u3059\u308b\u305d\u3046\u3067\u3059\u3002<\/p>\n
\"\"\/<\/a><\/p>\n
\n
\u3053\u306e\u540d\u79f0\u304b\u3089\u3001\u4eca\u56de\u306e\u30b5\u30a4\u30d0\u30fc\u653b\u6483\u3092\u4ed5\u639b\u3051\u305f\u306e\u306f\u30b5\u30d7\u30e9\u30a4\u30c1\u30a7\u30fc\u30f3\u653b\u6483\u300cShai-Hulud\u300d\u3092\u5b9f\u884c\u3057\u305f\u4eba\u7269\u3068\u540c\u4e00\u3067\u3042\u308b\u53ef\u80fd\u6027\u304c\u6307\u6458\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n
\u6bce\u9031200\u4e07\u56de\u4ee5\u4e0a\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u308b\u4eba\u6c17\u306e@ctrl\/tinycolor\u30d1\u30c3\u30b1\u30fc\u30b8\u304c\u9ad8\u5ea6\u306a\u30b5\u30d7\u30e9\u30a4\u30c1\u30a7\u30fc\u30f3\u653b\u6483\u300cShai-Hulud\u300d\u306b\u3088\u3063\u306640\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u3068\u3068\u3082\u306b\u4fb5\u5bb3\u3092\u53d7\u3051\u3066\u3044\u308b\u3068\u767a\u899a – GIGAZINE<\/a><\/b><\/p>\n
\"\"<\/a><\/p>\n
<\/p>\n
\n
\u3053\u306e\u8a18\u4e8b\u306e\u30bf\u30a4\u30c8\u30eb\u3068URL\u3092\u30b3\u30d4\u30fc\u3059\u308b<\/p>\n<\/div>\n<\/div>\n\n
\u5143\u306e\u8a18\u4e8b\u3092\u78ba\u8a8d\u3059\u308b <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"\u73fe\u5730\u6642\u9593\u306e2025\u5e7411\u670824\u65e5\u3001\u30b5\u30d7\u30e9\u30a4\u30c1\u30a7\u30fc\u30f3\u30de\u30eb\u30a6\u30a7\u30a2\u3084\u8106\u5f31(\u305c\u3044\u3058\u3083\u304f)\u6027\u306b\u95a2\u3059\u308b\u7814\u7a76\u3092\u884c\u3046\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u6240\u3067\u3042\u308bHelixGuard\u304c\u3001NPM\u30ec\u30b8\u30b9\u30c8\u30ea\u5185\u306e1000\u3092\u8d85\u3048\u308b\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u304c\u3001\u6570 […]","protected":false},"author":1,"featured_media":25194,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[],"class_list":["post-25193","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hatena-blog"],"acf":[],"yoast_head":"\n\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 - GIGAZINE - \u30dd\u30b1\u30b3\u30f3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 - GIGAZINE - \u30dd\u30b1\u30b3\u30f3\" \/>\n<meta property=\"og:description\" content=\"\u73fe\u5730\u6642\u9593\u306e2025\u5e7411\u670824\u65e5\u3001\u30b5\u30d7\u30e9\u30a4\u30c1\u30a7\u30fc\u30f3\u30de\u30eb\u30a6\u30a7\u30a2\u3084\u8106\u5f31(\u305c\u3044\u3058\u3083\u304f)\u6027\u306b\u95a2\u3059\u308b\u7814\u7a76\u3092\u884c\u3046\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u6240\u3067\u3042\u308bHelixGuard\u304c\u3001NPM\u30ec\u30b8\u30b9\u30c8\u30ea\u5185\u306e1000\u3092\u8d85\u3048\u308b\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u304c\u3001\u6570 […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/\" \/>\n<meta property=\"og:site_name\" content=\"\u30dd\u30b1\u30b3\u30f3\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-25T20:16:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/1764101776_00_m.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"560\" \/>\n\t<meta property=\"og:image:height\" content=\"315\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"info@pokecon.jp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u57f7\u7b46\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"info@pokecon.jp\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/gigazine.net\\\/news\\\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/25193\\\/\"},\"author\":{\"name\":\"info@pokecon.jp\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#\\\/schema\\\/person\\\/16c9f07b1ba984d165d9aee259bda997\"},\"headline\":\"\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 – GIGAZINE\",\"datePublished\":\"2025-11-25T20:16:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/25193\\\/\"},\"wordCount\":92,\"image\":{\"@id\":\"https:\\\/\\\/gigazine.net\\\/news\\\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/1764101776_00_m.jpg\",\"articleSection\":[\"\u306f\u3066\u306a\u30d6\u30ed\u30b0\"],\"inLanguage\":\"ja\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/25193\\\/\",\"url\":\"https:\\\/\\\/gigazine.net\\\/news\\\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\\\/\",\"name\":\"\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 - GIGAZINE - \u30dd\u30b1\u30b3\u30f3\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/gigazine.net\\\/news\\\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/gigazine.net\\\/news\\\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/1764101776_00_m.jpg\",\"datePublished\":\"2025-11-25T20:16:16+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#\\\/schema\\\/person\\\/16c9f07b1ba984d165d9aee259bda997\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/gigazine.net\\\/news\\\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\\\/#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/gigazine.net\\\/news\\\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/gigazine.net\\\/news\\\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/1764101776_00_m.jpg\",\"contentUrl\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/1764101776_00_m.jpg\",\"width\":560,\"height\":315},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/gigazine.net\\\/news\\\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u30db\u30fc\u30e0\",\"item\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 – GIGAZINE\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#website\",\"url\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/\",\"name\":\"\u30dd\u30b1\u30b3\u30f3\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#\\\/schema\\\/person\\\/16c9f07b1ba984d165d9aee259bda997\",\"name\":\"info@pokecon.jp\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g\",\"caption\":\"info@pokecon.jp\"},\"url\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/author\\\/infopokecon-jp\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 - GIGAZINE - \u30dd\u30b1\u30b3\u30f3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/","og_locale":"ja_JP","og_type":"article","og_title":"\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 - GIGAZINE - \u30dd\u30b1\u30b3\u30f3","og_description":"\u73fe\u5730\u6642\u9593\u306e2025\u5e7411\u670824\u65e5\u3001\u30b5\u30d7\u30e9\u30a4\u30c1\u30a7\u30fc\u30f3\u30de\u30eb\u30a6\u30a7\u30a2\u3084\u8106\u5f31(\u305c\u3044\u3058\u3083\u304f)\u6027\u306b\u95a2\u3059\u308b\u7814\u7a76\u3092\u884c\u3046\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u6240\u3067\u3042\u308bHelixGuard\u304c\u3001NPM\u30ec\u30b8\u30b9\u30c8\u30ea\u5185\u306e1000\u3092\u8d85\u3048\u308b\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u304c\u3001\u6570 […]","og_url":"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/","og_site_name":"\u30dd\u30b1\u30b3\u30f3","article_published_time":"2025-11-25T20:16:16+00:00","og_image":[{"width":560,"height":315,"url":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/1764101776_00_m.jpg","type":"image\/jpeg"}],"author":"info@pokecon.jp","twitter_card":"summary_large_image","twitter_misc":{"\u57f7\u7b46\u8005":"info@pokecon.jp"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/#article","isPartOf":{"@id":"https:\/\/pokecon.jp\/job\/25193\/"},"author":{"name":"info@pokecon.jp","@id":"https:\/\/pokecon.jp\/job\/#\/schema\/person\/16c9f07b1ba984d165d9aee259bda997"},"headline":"\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 – GIGAZINE","datePublished":"2025-11-25T20:16:16+00:00","mainEntityOfPage":{"@id":"https:\/\/pokecon.jp\/job\/25193\/"},"wordCount":92,"image":{"@id":"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/#primaryimage"},"thumbnailUrl":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/1764101776_00_m.jpg","articleSection":["\u306f\u3066\u306a\u30d6\u30ed\u30b0"],"inLanguage":"ja"},{"@type":"WebPage","@id":"https:\/\/pokecon.jp\/job\/25193\/","url":"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/","name":"\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 - GIGAZINE - \u30dd\u30b1\u30b3\u30f3","isPartOf":{"@id":"https:\/\/pokecon.jp\/job\/#website"},"primaryImageOfPage":{"@id":"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/#primaryimage"},"image":{"@id":"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/#primaryimage"},"thumbnailUrl":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/1764101776_00_m.jpg","datePublished":"2025-11-25T20:16:16+00:00","author":{"@id":"https:\/\/pokecon.jp\/job\/#\/schema\/person\/16c9f07b1ba984d165d9aee259bda997"},"breadcrumb":{"@id":"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/#primaryimage","url":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/1764101776_00_m.jpg","contentUrl":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/1764101776_00_m.jpg","width":560,"height":315},{"@type":"BreadcrumbList","@id":"https:\/\/gigazine.net\/news\/20251125-shai-hulud-1k-npm-packages-27k-github-infected\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u30db\u30fc\u30e0","item":"https:\/\/pokecon.jp\/job\/"},{"@type":"ListItem","position":2,"name":"\u507d\u306eBun\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u308f\u305a\u304b\u6570\u6642\u9593\u30671000\u500b\u4ee5\u4e0a\u306eNPM\u30d1\u30c3\u30b1\u30fc\u30b8\u30682\u4e077000\u500b\u4ee5\u4e0a\u306eGithub\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u611f\u67d3 – GIGAZINE"}]},{"@type":"WebSite","@id":"https:\/\/pokecon.jp\/job\/#website","url":"https:\/\/pokecon.jp\/job\/","name":"\u30dd\u30b1\u30b3\u30f3","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/pokecon.jp\/job\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/pokecon.jp\/job\/#\/schema\/person\/16c9f07b1ba984d165d9aee259bda997","name":"info@pokecon.jp","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/secure.gravatar.com\/avatar\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g","caption":"info@pokecon.jp"},"url":"https:\/\/pokecon.jp\/job\/author\/infopokecon-jp\/"}]}},"_links":{"self":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts\/25193","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/comments?post=25193"}],"version-history":[{"count":1,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts\/25193\/revisions"}],"predecessor-version":[{"id":25195,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts\/25193\/revisions\/25195"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/media\/25194"}],"wp:attachment":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/media?parent=25193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/categories?post=25193"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/tags?post=25193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}