

Shai-Hulud and the Quiet Return of Install-Time Supply-Chain Attacks
The Shai-Hulud supply-chain attack was a reminder that many modern compromises don't rely on exotic exploits. They rely on trusted dependency installs quietly making outbound network calls.
The attack used malicious open-source packages whose install-time scripts (npm postinstall hooks, setup.py) selectively fetched second-stage payloads, often only after detecting a CI environment, and then exfiltrated credentials or environment data.

Danny Nebenzahl
Feb 19

