SHEFI · AI LITERACY · ISSUE 01

The May 11 Audit

The checks I ran the morning the npm worm hit. Free. Roughly 20 minutes.

[!warning]

On May 11, 2026, attackers compromised over 170 software packages with a combined 518 million weekly downloads. TanStack. Mistral AI. UiPath. OpenSearch. Guardrails AI.

The exact checks I ran the morning the npm worm hit. 20 minutes. Free.

The malware steals developer credentials, GitHub tokens, cloud secrets, password vaults from 1Password and Bitwarden, and crypto wallet seeds.

Start here · Which path is yours?

[!question] Do you write code, vibe code, or have you downloaded any AI coding tools?

(Cursor, Claude Code, Replit, Lovable, Bolt, OpenClaw, GitHub Copilot, VS Code AI extensions, anything similar.)

If no → the malware can't reach you. You weren't installing the compromised packages. Skip straight to Step 3 for the cleanup everyone should do, then Step 4.

If yes → start at Step 1. Work through all four steps, plus the optional add-on at the end if you want belt-and-suspenders.

If you're not sure whether something counts as a coding tool, it probably does. Err on the side of doing the full audit.

Step 01 · Check your installed packages

For coders and vibe coders only.

Open your terminal.