Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free TrialSelf-replicating Shai-hulud worm spreads token-stealing malware on npm
RL researchers have detected the first self-replicating worm compromising popular npm packages with cloud token-stealing malware.
On September 15, ReversingLabs (RL) researchers detected a first of its kind self-replicating worm on the npm open source registry. The worm, named “Shai-hulud,” spreads through a cascading compromise of npm accounts that inserts the malicious worm code into legitimate public and private npm packages belonging to the compromised developer.
The name “Shai-hulud” is taken from the open-source repository holding the malicious code. Fans of Frank Herbert's acclaimed Dune series will recognize the name of the giant sandworms native to the planet of Arakis. Much like its namesake, this npm worm is feasting on those that wander the deserts of modern, open-source software development. Tokens, keys, and private repositories all get gobbled up by this malware behemoth.
Once infected by Shai-hulud, npm packages spawn attacks of their own by unknowingly allowing the worm to self-propagate through the packages they maintain. Given the large number of package inter-dependencies in the npm ecosystem, it is difficult to predict who will get compromised next — and how far Shai-hulud could spread. At the time of publishing, RL has identified hundreds of npm packages that have been compromised by the Shai-hulud malware.
While this is a developing story, it is already apparent that the impact of the Shai-hulud malware outbreak will be large. RL has identified a number of popular packages that have been compromised, including ngx-bootstrap (300k weekly downloads), ng2-file-upload (100k weekly downloads) and @ctrl/tinycolor (2.2M weekly downloads). Together, these packages account for millions of combined weekly downloads, making this a high-impact supply chain compromise.
There are also a large number of affected parties. Among those are tech company founders and CTOs; companies providing software development services; developers working for non-profit organizations; tech leads in companies building gambling hardware and software and creating office development suites; developers in AI-first companies; security vendors — including a leading endpoint detection and response (EDR) vendor; student developers; and others that rely on npm each day to build software.
RL has contacted as many affected parties as possible, but the speed with at which the worm is spreading is making it impossible to reach everybody.
[ Join RL researchers for a live Q&A about the Shai-hulud worm at 12pm EDT ]
What are the origins of the Shai-hulud worm?
While the exact origin of the Shai-hulud malware — and the actors responsible for the malware —have not been identified, RL researchers note striking similarities with the Nx compromise that occurred at the end of August. While the malware used in the two attacks is different, the Nx attack and the Shai-hulud campaign use similar techniques. Both attacks target popular open source packages with millions of weekly downloads. When deployed, both malicious payloads focused on collecting environment- and other secret information from infected machines and leveraged user-owned GitHub accounts for data exfiltration.
This incident, as well as the crypto hacks campaign discovered last week targeting prominent open source maintainers and packages, are a stark reminder of the fragility of our software supply chain, and yet another escalation in the arms race between attackers and defenders. This year alone, the security community has witnessed phishing attacks compromising prolific developers, evasive ML model malware, viruses that infect installed npm packages, malware hiding information in the blockchain, single-line malware inducing pull-requests. Now, we have a self-replicating worm spreading through the open source supply chain. While there is no way to know what threat vector we might face next, it is clear that the attackers are using every tried and true technique on the new frontier for defenders: the software supply chain.
What is the Shai-hulud worm? A malicious bundle.js
The Shai-hulud worm itself is a 3MB+ behemoth of JavaScript. However, what it does is pretty straightforward.
After an npm developer account is compromised, the worm looks for other packages the developer maintains. It then creates a new version of each of those packages by injecting itself into them. Each newly created package is modified with a postinstall action that will execute the malicious bundle.js when an unsuspecting user downloads the compromised package. This is repeated in perpetuity as the worm finds new developers to infect, and then uses them to spread even further.
Figure 1: Postinstall script added to package.json file
Autospreading functionality
To speed-up the spread of the Shai-hulud malware, the threat actors behind it implemented worm-like functionality that automatically updates the packages published by compromised npm accounts with this same bundle.js file. To do that, a function named updatePackage adds a postinstall script to the package.json file that adds the bundle.js file to the package archive.
Figure 2: Code responsible for adding malicious functionality to affected npm packages.
We have identified at least one package in which autospreading has occurred, so it can be confirmed that this spreading technique functions properly and probably explains the rapid growth in infected npm packages in the last 24 hours.
A massive theft of developer secrets
The malicious bundle.js script is also designed to steal cloud service tokens, primarily targeting npm, GitHub, AWS and GCP tokens. However, the worm also installs Trufflehog, a popular open-source tool that can detect more than 800 different types of secrets. This significantly increases its secret-stealing capabilities.
Figure 3: Part of code showing which service tokens are targeted in the attack
The collected secrets are then exfiltrated to newly created GitHub repositories using stolen GitHub access tokens. The created repository has the name "Shai-Hulud" and description "Shai-Hulud Repository." Exfiltrated data is double Base64-encoded and uploaded to a file named data.json in the newly created repository.
The compromised repositories can be tracked using a GitHub search for the repository description. Keep in mind that search results show only the currently active repositories and we can confirm that there were more victims that removed the exfiltration repositories from their GitHub accounts after becoming aware of the compromise.
Figure 4: GitHub search showing the compromised user repositories
Another method for GitHub token exfiltration is by creating a new branch named shai-hulud in one of the existing repositories. A workflow file named .github/workflows/shai-hulud-workflow.yml is uploaded to that branch.
Figure 5: Malicious GitHub workflow file designed to exfiltrate secrets
The GitHub action has a runnable action triggering on the PUSH event that is designed to exfiltrate the tokens accessible from the workflow environment to the url hxxps://webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7. This data is also double Base64 encoded. Unfortunately, using GitHub search for branch names is not supported, so it is a bit harder to track the victims using this information.
Private repos go public
Another malicious functionality implemented by this malware is the “migration” of private repos belonging to the compromised GitHub account to publicly accessible repositories. The worm tries to create a public copy of all private repositories belonging to the compromised user. This is likely an attempt to gain access to secrets hardcoded in those repositories, and possibly to steal the source code they contain. That stolen code can be analyzed for vulnerabilities that can be used in later attacks on the software.
The newly created repositories get a suffix -migration to their original name, and have the description Shai-Hulud Migration. This information can again be used to search for and identify victims that have had private repos exposed using GitHub search. At the time of publication, that search yielded close to 700 results on GitHub, giving an indication of the scope of the attack.
Figure 6: GitHub search showing the “migrated” private repositories
Patient Zero: rxnt-authentication
The first npm package for which we have information about compromise is rxnt-authentication. The malicious version of that package, 0.0.3, was published on September 14th at 17:58:50 UTC. As a result, the npm maintainer techsupportrxnt can be considered Patient 0 for this campaign.
Similarities with previous npm campaigns
The exact nature of the initial compromise is not known. However, the past few days saw widespread attacks on open source maintainers that resulted in compromises of leading open source code. Those attacks utilized phishing and social engineering to seize control of maintainers’ accounts and modify code. Victims of that campaign included the npm user Qix, a maintainer of some of the most used packages on npm (top 10) — debug and chalk.
According to Wiz, Qix’s packages are present in 99% of cloud environments, and 10% of them used the malicious version. RL identified more than 350 other open source packages — many with a lower profile than the Qix packages — that were infected with the same malware.
While the sole nature of the malware used in that incident resulted in minimal impact, it showed how big the exposure surface is. A similar incident occurred in the last week of August, when the authors of another popular package, called Nx, were compromised through a vulnerability in their GitHub actions code. Some security researchers named this attack “s1ngularity” from the name of GitHub repositories used to exfiltrate stolen user secrets. (More about this incident can be found in a recapitulation written by Wiz.)
Key points of the incident are that the packages were compromised by abusing vulnerable GitHub actions, while the malicious code was designed to steal user secrets and web service tokens. In that attack, also, data exfiltration was performed by creating new specifically named repositories from the compromised user accounts and private GitHub repositories were exposed.
The design and functional overlap of the Nx campaign with the Shai-hulud worm we detected is significant. The only remaining question for us is how patient 0 was compromised? While social engineering is a likely tool, the exploitation of vulnerable GitHub actions cannot be ruled out.
Why open source registries: A worm friendly environment?
What is even more concerning is the automated spreading of malware to the packages maintained by the compromised npm accounts. Historically, malware worms like SoBig, WannaCry and NotPetya have spread by targeting remotely exploitable vulnerabilities in software or — going even further back — by playing to human weaknesses to trick users into executing malicious code on their own systems. (See the “I Love You” and “Anna Kornikova” viruses.) Open-source platforms like npm present a new and promising environment for malware to propagate. And, when malware spreads at the speed of continuous integration/continuous delivery (CI/CD) rather than human point-and-click, how far can it spread, and how quickly can it be stopped? Do we need a break-glass function, or a big red button that can temporarily halt all new package publication to platforms like npm? And, if so, who would be tasked with pressing it? Also, how quickly could they act?
The nature of this malware, designed to steal and collect access tokens and quickly reuse them, is making the Shai-hulud outbreak even more important than the Qix developer account compromise that occurred last week. This time around, there’s more at stake than a few stolen crypto-coins. With leading packages compromised — and untold numbers of developer secrets and proprietary code exposed — the keys to the kingdom have been leaked, and there’s no way of telling how they can and will be misused by malicious actors.
Are you infected? Here’s how to check
To check if your organization is infected, or if your cloud accounts were compromised, review your public GitHub account for suspicious activities like a sudden appearance of repositories you did not publish. Another tell-tale: If any of your repositories suddenly change visibility from private to public.
Look at your user account activity on your profile page, using these steps:
- Look for new repositories that have the following description: Shai-Hulud Migration.
- Look for newly created branches that are named: shai-hulud.
If you do not have a public GitHub account but are publishing packages on npm, check to see if there are any new versions of your packages that you haven’t authored but that have appeared on npm this week.
Finally, you can also check package versions for npm packages you are maintaining using RL’s free Spectra Assure Community website. The RL threat research team is diligently reviewing all published npm packages, and applying the analyst-vetted malware label to confirm that the package has been infected. Here’s is an example of what to look for:
Figure 7: Spectra Assure Community website showcasing an analyst-vetted detection related to this incident
Indicators of Compromise (IOCs)
Indicators of Compromise (IoCs) refer to forensic artifacts or evidence related to a security breach or unauthorized activity on a computer network or system. IOCs play a crucial role in cybersecurity investigations and incident response efforts, helping analysts and security professionals identify and detect potential security incidents.
The following IOCs were collected as part of RL’s investigation of this malicious software supply chain campaign.
package_name | version | SHA1 |
0.0.2 | 5a87d68716cf9d99ec90835d623559bead2a76d3 | |
1.0.2 | b65a8f02bcc425e9f43f44c4062e57a7ed0bb4ac | |
0.0.4 | a134cb5a9c3187c7e2419ce5981bc8365cfbb1d7 | |
0.0.3 | edca8792f335b64b6929ef08b5d9bf812cc9ce77 | |
0.0.2 | 88a1b7b4dfe55bfcf33ee73520506596c3b11f05 | |
6.1.7 | cefb886c65d58dec552d217bf2e6bbfff900a067 | |
0.3.20 | ec85986413119e60684a99f3100c9d481cfdf08c | |
0.3.19 | 287a71e7df97b6c1cc10d51a4c18f8a1ce23cba0 | |
0.3.18 | 48932e2c66fb9fd103cdd2a4c0bfb77483061511 | |
2.14.4 | 5ce815ae8dfdb07fb5ebbc50643410e5f63daa2a | |
1.3.1 | caf629df8ec99ba641873e887a9d3e17bb2e040c | |
1.0.3 | 7c1454a3907079182ce7441def94f21e7e3fb554 | |
0.2.3 | 967bcd5cf05a814b9e14895183fe1e00fe06c8fd | |
0.2.2 | c7d64660cd39ab9ae3a57cb2c9bbf7a89cf559c7 | |
0.2.1 | 2ad5fdb982e406b6817225f0a4edf30262a8ed3a | |
1.0.4 | cb81069ef7b290660f9f640a56cfab33bd5764df | |
1.0.3 | 4c65f7bf4974a2892e2867dad270777cc1b1f0e0 | |
1.0.2 | c5012da7a0588bf39f4666a83ce43e11f70eb655 | |
1.0.6 | 8b5f31b22ac158f488179c49e718043e6bef25ef | |
1.0.5 | 8960070bcf368cb548f80756e22170836028897d | |
1.0.4 | 05307d8af5bea87f5ec60aaadcdd7be5a0f2e3fd | |
35.0.14 | dcea1fdaa6621072fed6962e3461e18c22f7261d | |
1.1.2 | 1b6704faf237f65c83e1856c1c5f6efa9ec0e9ab | |
1.1.3 | 9dd491b1b2faa10419198cadc25d0b30d46acba2 | |
1.1.4 | 8b9873af85a6f4a5ab24d76dd97dc3fa83a53dd6 | |
0.0.9 | b7ba4864a1aab4ba632c9c0fe1fcdc2fb0c268c8 | |
0.2.6 | a9bd726a1c567cbf8be371de175298c2ba10b19b | |
1.0.1 | 74de479293d9a47cce99c13f25e15103d40fbd0f | |
5.3.8 | 59e3b10efec96f31c90a15d0b3cdb3c3a3474ed4 | |
0.3.16 | 5cf876f82760193d2d068f3c5e1a24c7138002b1 | |
0.3.21 | bb5d7c3f23e1b5218f7a718f0a627cd0e897f39a | |
0.4.1 | 9b9a438091a5647e4ceb336fea424a384756183e | |
0.8.19 | 40b9aa9f98dc6073e04a56fd9d3596e4abefc596 | |
0.4.29 | eab6be69fbc87987a64474f67c237c728d792a70 | |
0.7.39 | 1a510a951e0fc186b99e313d94ab6ab72a6cd9d0 | |
0.3.14 | d8c0d20a17951f0b8a85c7cf5400d98841e17de6 | |
6.10.21 | 32547a2862896cb2f96ac23284fc5e979f0e2414 | |
6.10.20 | fd1dd0aee3ccb7fabd751e8a3d3ba99c493391bd | |
6.10.19 | c8ae5c76dc5837e18736678e928357a575a28a9f | |
0.3.33 | a28500d7adbb44e9fb29cb64401077ccfa2725ea | |
0.9.9 | 066b0294e11a90cfcb11dad16f3d5557712c7ebd | |
0.0.34 | 68e74c4250af9845f3c193b74e91124f2888de50 | |
0.0.33 | 640376c96617c1845378137b7a1d9cb74928ba20 | |
0.0.32 | 933d64001fc0459dae8a0449e08c662c734a6f0b | |
1.0.3 | a87cbf0a4cefbce50aa699641df2b61a833bca97 | |
1.0.2 | a28a7b4cd232a7935fdf9495b439a8d54ececbc6 | |
1.0.1 | e7d43606eb9fa18f4996db691f2086541b9bd3f4 | |
0.4.6 | 9459764f29b525e068c890663c79ec7ef81e9496 | |
0.4.7 | 602a9c12e35b78e0608a163495b5bddb5c2dc0fe | |
0.4.8 | d36e5dd827d1b316e641a28bd4d1fb74b209d6f4 | |
0.0.5 | 711cfa0503a965e901a943798923bd5a181eda67 | |
0.0.4 | 4c6aaae6c2f7e6b34e72a35f19ba686a6df76660 | |
0.0.3 | dc3c63c58f1f1fa2117b1657114b5d7e4c44c850 | |
1.0.9 | d9f7f7f88fbc8094b721968d150af696913fa590 | |
7.0.2 | 953dc4903d8a08f21d0a7cf49f01a1fe9f219434 | |
7.0.3 | 18e323f15332a80e13037cf71fc632b4a7c79b27 | |
8.0.1 | d3eaea409b77c9497adbf544563a2abb197f1d95 | |
8.0.2 | ddbf3395f4d584e2a788b15061e85c2d17fb1509 | |
8.0.3 | badf1b89443fc68e1369dd753eaeaac784e9df1b | |
9.0.1 | 17b464cbf81e074aaed24eb87c02d567f56dcfce | |
18.1.4 | d02f0f2ea5c9b1c29e5f6aae4fa0677f99b03cde | |
19.0.3 | c68054201d511f2135750edaef49958b4587267f | |
19.0.4 | 317c491606e651a49db9873aed3a25fe2d7b9d6f | |
20.0.3 | f1501a45e6ac7d1e95c8a6ef9f192583b6d91a56 | |
20.0.4 | 897513887c92230ff0244cd51cd8f29664df28a5 | |
20.0.5 | f1a932205d020c521ea52de4159d5d340cdb7fcc | |
20.0.6 | 0f2d98464cdaa2211a27977596c0c0652862302a | |
14.1.2 | 784dac6eae8261e32152f667286dc38e53b1bbcd | |
7.2.2 | cc7371ec3fc1ad9a62cb246e5885f13edf5fdeca | |
1.4.3 | b64401062ed84bacab8d6de8d6865d05978cd713 | |
4.0.4 | 2eaf147ef0a371050f3f1cec559ab9d2862036ae | |
7.0.2 | a5e233a8801faec95d35a703c0ca701e95048b35 | |
6.0.2 | 48f74f6af4a5932945b41479c734560ace278999 | |
9.2.2 | 1f86a2dd3636c1b3f6754bc8ad760c1154a8eeee | |
4.0.2 | 8820c2a858b73c91eb9567355dba4b6911bb2eed | |
9.7.2 | cd11335d66bed36e237b91ed2bc1b8ac0dc3c560 | |
2.0.2 | d7e800c37d67d878149fc7a6fb1569a654f928e5 | |
6.3.2 | 35187a7ee832909f901a713be277bb636692f422 | |
4.1.1 | 31a8730a11fc6cbf1bbdd216d7053949e908c50f | |
4.1.2 | ffd87620395edb43ae3f51bc7b5852e575627721 | |
4.1.2 | c9011fb8316e2cc639099643d42909aa32f5f85b | |
7.3.1 | b6003fe43666d12f190d51f5279c44c480dd63e6 | |
4.0.2 | eb901ee6b02a6ce51786241e300a30f82eae6dc5 | |
0.0.5 | 4dc5ee4c3152541d892944c7599b81c8d6b1afd6 | |
0.2.4 | c86e40c248604f06e220675de5ea0af17711fc66 | |
5.11.2 | 62092c345d57fe75256d0e2d1d0b694c8bc51bbf | |
5.11.1 | 3ab7860deb3bde7a324c12cbbeb5532442f56709 | |
2.0.35 | 74c548516d344a18949b85daa130f312e35bb6ce | |
4.6.43 | e536300e48ce92cf82a153caccfdc5dc98f8a847 | |
1.6.13 | 5d52b179e5fca147958aec81a2b9d321ce5fd60d | |
6.0.6 | 19fa34ce71349720cd9bda9ca3cb529bc31550c5 | |
0.1.30 | 7d6141ba73cefa92d86ea24cc8f6699b8035e29e | |
4.5.6 | 567c818f028102701b31822817136b8af42f461b | |
7.2.72 | 67c50e318598acccef483929398d27fecbde3c76 | |
7.2.76 | 2c4f2019fc348539c97d75edcedd811e79bf1288 | |
7.2.76 | 120e92669585a501b7676b3d4ca6239dd08c4f85 | |
10.0.2 | 30fc1482630d145d4bbd966ff1b8a61498694ca3 | |
19.0.1 | 91255a47be4f1a3bdee2646d82ca412087708cab | |
19.0.2 | f65a2f9c0276a4cce73cc0b95ebfebd05f2cc973 | |
8.0.1 | dc9e84f92048b0aa78e0a17ae69708ee7aeee349 | |
0.0.35 | c2f0cc5734af74e244ff7ac34ea45387d813a22d | |
0.3.21 | f1c23c1e76acbd07591e4708bc2f2768a9f754f2 | |
1.0.4 | 0490214387616c1265447752310136352545831e | |
0.0.6 | 3c5b060c1a124123a7480cd57d9db98b52a638c3 | |
1.0.5 | 0c708c8b4d02903233ce1d3913353e4ab9e33ce9 | |
1.0.7 | cab67ca4f2051efb640e5b73b5faea6c2b7af4a1 | |
1.9.2 | 382b2e158f2f6a2efc70513bf8c7879715bf908a | |
3.0.6 | 932608d1ce4a27c9ee27ff94d68a0b511470eabb | |
20.0.20 | 5998c5fad96b4a1b91ae490ad4902680ca15a311 | |
4.0.4 | cfb5b91d5cd26eefa1bec6bf7f281d1f978d9b2f | |
2.0.22 | 36817c28b5af8368412e1a64d2f0152a433d2ac4 | |
2.0.28 | e2635f10661d8d085d803078a900d32f170ddf4b | |
2.0.4 | 576fa07c3562822a92f20954693ad5e10db2375c | |
2.0.5 | 0063c7524a71500459a9a66f906ab85146b440df | |
2.0.7 | 6d934e3e5ba69ad11c985b7762a4d6c927fb3d98 | |
2.0.8 | 398bda76a8948d47b8bee4412bc5464cb08cd62a | |
2.0.21 | 7faed5f3f91d69c9e75b102e43d00cbbfcb2e794 | |
2.0.24 | 345989a561fbde9bffe1bfbc5866f874fc9db923 | |
2.0.28 | 9d7217be91c6da2de9ebac80aa7f7234071697d4 | |
2.0.32 | 960aab3849afce2f6ab148cfdf8d37cb5e681f69 | |
2.0.13 | 0096cf6dd7d10755c76f66189b882b56d2d3bc0b | |
1.0.5 | 7c96e8d4e0fbe8acedfc56cd08e2adb66afeeed8 | |
1.0.6 | 73233bfb4ee82584594ae8388c2201d6ed16eee6 | |
2.0.24 | 6f3726f245f371b35541eded21a1b0ee113311fb | |
2.0.27 | f40fb715a308ccd0b38bafd3fdc537b4e0dbd404 | |
2.0.21 | 885408eaba607eae0b325332e16597c95105a071 | |
2.0.25 | e3f5f625c96b78c65361d4ce9997eb8fe269c7ba | |
0.1.12 | f0e85e8f6eae4967cad566908c6d5dacbbb41f2f | |
0.1.9 | 1d96e59c100997baa323f34b0584231bac7e5c6b | |
1.0.5 | 8df342eb91f9a325df8b6224af84019bf6cd1f6a | |
1.0.6 | 12a2badfe08b09efbbe86052b5938ba9965fad39 | |
1.0.5 | 5694d8c0c8368ead7cece24e0ae37b754df467de | |
1.0.6 | a9af7a973c11192c6656a9a175102beb497051f5 | |
2.0.15 | 676be89a74e3bebde560fded35dabd0f8e00cd3b | |
2.0.22 | daa020b17b23a7d9f83048a626ea8398bedad195 | |
1.0.10 | e210dab82f7709b9a01a2735ca88fdfd81f295d4 | |
1.0.9 | 85538b42f006e31ce802b5cc5fdb5000ecaf9998 | |
1.0.3 | a33d081002d21fa5105203df68d82df5d1857977 | |
1.0.4 | 4d07d9859fa20c5f287d699ddbe0ba1762ecf728 | |
1.0.5 | e1ebff1f43105fc3a3e3b005e16aecd5bf4f67be | |
7.2.1 | 087e06ddade4a3a91292f550173f8470c49b5c36 | |
1.4.2 | 61a401e669a33cbd38ca717fda0e6bb86665e9bf | |
4.0.3 | aea3cb5108e29c7869890012d06a7396a8b29ec3 | |
7.0.1 | 3563ab863a9df12638c628b00c36ca2acee6e547 | |
6.0.1 | c4a7f650aa3281fbb8c518eeb5254929e00a3651 | |
9.2.1 | d93c8c3688745239be212f87df64edb7e2284910 | |
4.0.1 | 6f6b53f38e2e1880ed82810dc5fce39cdd942155 | |
9.7.1 | 4223c5eb6d4d8b757e8be054c56417611d47098e | |
2.0.1 | cc289cc72e44d3863d4d099bc1a597fec17821c2 | |
6.3.1 | ef42322bb763f24d44c9594c43812aa18c99dfe3 | |
4.1.1 | d64d6c775c37bf4c1a19c5ec9354f9caff435eaf | |
4.0.1 | 93fe3f8a095b4d4000b95c8eecb029293bf6912f | |
0.2.1 | a4cf109edf9241d35ef736ee01b18b7490b6f52c | |
0.1.7 | 6ff5d0a39979ea1f20f10128cfda5db2efcf78fb | |
0.1.6 | 311bd20dc28b1db74b26e9ee6fb0b99fe401ec5a | |
1.1.6 | 9c06ae302b7fa55d679857b4f327abb63b4d48d9 | |
1.1.7 | 320facebe79fcee01094aec1727a0584dd19728c | |
1.1.8 | ecbdcb3eeb7185ab8ed904fc07bb77a3457b7b67 | |
3.0.5 | 7f82d532cc23945265391d54097f9f480142c161 | |
3.0.6 | 12fa3f0c96ca52b114448cc5caa73d37af104bff | |
3.0.7 | 0072122333af7439c26a1667df5205d4d65af1b2 | |
3.0.8 | 7e65df9d8bc61cc9698c79d5879f4b193cc7dfb1 | |
3.0.9 | e71913b97f95d0ea503479bb43cd1178b3e33f10 | |
3.0.9 | e71913b97f95d0ea503479bb43cd1178b3e33f10 | |
3.5.2 | 8c9e509a486a243910491fa789ea8897a5b12c09 | |
3.5.3 | 13fc4426a084e0046cdea50d6fa46af1d532b570 | |
3.5.4 | cb45e25a49b4cd39f6d769d5c381701619707276 | |
3.5.5 | c6a544ed98b9a84cd45e115248b1ae3af79f075d | |
1.6.10 | b624a8aa11fb92008a5d2833090735311b969877 | |
1.6.11 | 64ee393bc818f70708524859bc19401ee21b0013 | |
1.6.12 | f8e63b6947d2032e75964bac2e7072c6da8f72db | |
1.6.9 | 240bf4209c195b352661376736eb37c1848fc866 | |
0.2.30 | 87e624c96b4e113bbeddb7c251687d614f70e8c3 | |
0.2.31 | 7d7f924bc9eeafea04c11d49a2903ecf84eaebbb | |
0.2.32 | f563abf96e6839d229feee7fe3f7505e8671252b | |
0.2.33 | bd839fe0b70def1c8ac7b6f3c9d6e8be16d6ddc0 | |
1.1.27 | 647c831e11d264b78028e422e40d86bd8ce780de | |
1.1.28 | f131a88cdfc93b2cd3e0731b0b6583a7326f1e19 | |
1.3.35 | a92eafa302c3b910196fabc7387ac1bf01df1ad7 | |
1.3.36 | 22d7593d921a31bb662a81a99dab6dcb97af2c57 | |
1.3.37 | 64a415ff23f6388ab9c3b9487841303c6bf38ede | |
7.2.72 | b146a5c835f456b85f4c4b05003bee82deb2d4b5 | |
7.2.73 | 026e4b7da1f1cee9ad99cb0fd6a1d255fe2b17a3 | |
7.2.74 | d1ebfcb06fbab215f80a7689b99d880270f88cf5 | |
7.2.75 | f1c163880151c3999cf23c2e39ad228ac71d503d | |
7.2.72 | 1751fe471fe83e2ea704f227077ca0fd4b339858 | |
7.2.73 | 71438f3f4e66f8a8e63a4009b39dfd62ceb1ee99 | |
7.2.74 | a76e27340d18fa060f0ad2fb6356cdb33c0a517e | |
7.2.75 | 90a6096f7c835adcaa6fd55a46d86a39c2d23e04 | |
7.2.72 | 4df5a8002dc1f264f5403f4ae8846f5a9de3fa03 | |
7.2.73 | 389ecdcdc731e939261a597f11026b7ee216c77f | |
7.2.74 | e39aa69f9fb9a072988e045c8b8e69f3adcb8bd2 | |
7.2.75 | fc9809b849ac8827de7268186c125203b48eaabf | |
7.2.72 | 1abffe88070892b714cbd9b52903ede4b7f51301 | |
7.2.73 | d42991857e0d782ce3b8cdc43ee2482e96b5884c | |
7.2.74 | db10e35377f42be2016c15ed6caf95295f34aed0 | |
7.2.75 | 90b442685ac930390102205534b9b15cc25f2d06 | |
7.2.72 | e21082f89587b00ade4af8eaf248989f25b1ddfc | |
7.2.73 | 996e65e1b433acace71844e61707068cad2e48dd | |
7.2.74 | fa3d04c908bf3bf1e36485a8e9d4e901d9e5a57e | |
7.2.75 | ccb7989988f61539928bc49637ec5aa76d350cb3 | |
14.1.35 | 177bee8c32779d3df154f52aa60ae32c65abfa53 | |
14.1.36 | 34523ccc99f97688db11eac7ede7f998c5998d5b | |
14.1.37 | 4fd67072517195ee728a17533b065a0e9ad8150b | |
14.1.38 | d4c71b45ffe55cb8c83a34af47c768c31c528a89 | |
2.5.4 | 8be68bfc0d8ea36f5a091c8bb3bac0396dbde3de | |
2.5.5 | ac411d816215ea980a8e0375ec34bbaf9456eed7 | |
2.5.6 | 003ffad46ad3bca7f00252adee39f8f32345bd43 | |
2.5.7 | ee07b0ce5c042c9b01e165a3ae18de80fbf1cd43 | |
0.1.1 | 3dc768eeb76b49a2d7064b72adca5822b486285e | |
20.0.4 | 110a6c4f5d41aee757d77aa19aa9a689ab754cdf | |
20.0.5 | b745835142c52bfcc17cc7d937fead39a7196eeb | |
20.0.6 | 4c1dd52439bc643280124a1987ec0aea9cdfbe06 | |
20.0.4 | ed903aff92a236dc366fad99111280a8370a35df | |
20.0.5 | 06cd5c05d0f744d759daaf47d532093f3f181406 | |
20.0.6 | 529a4a783d464070f6b6401bb3baf1535fee345d | |
2.0.6 | 360e336ab65f10b537f93faac185345ea907e678 | |
2.0.7 | e0ac565baadd1f2a34b672549029b0fea57fe253 | |
2.0.8 | 2a6d6b4fcf5e5b6f23b1c0ec9c5f2dd522aaa787 | |
2.0.9 | 6c88f2f424d0a36cd9d63e399f3985f7d56600a4 | |
5.0.1 | e3f52214176578a1b7b45b4f7091692a302402f8 | |
5.0.2 | e2eb2cbd7a5088de3fba370a9adc9ae08cc6cf1c | |
5.0.3 | 0080fa150e875fe5a1c680e79267af73afb5fb95 | |
5.0.4 | ac9b23db8bac7ce84d507b73628818814a6fe24c | |
5.1.11 | b95d8b582445b8c2b9aa62329fde4ca6ed7fbd0e | |
5.1.12 | a1a3451d41b4d7e46080ed4ead5a2270cf8c434a | |
5.1.13 | 308a65f72791b5082369dbc52faa70281b24668b | |
5.1.14 | 845a1e93818f8860ece4c9da82884009b159921c | |
20.0.4 | d1c4c5d62cb29b32918227c6def85f4867392919 | |
20.0.4 | 0c9b280e183cbf5276dc6b9650ea3fdd93fe2123 | |
20.0.4 | 5b6457cd206d7e5154886a877d5c330ca4d01b4b | |
20.0.5 | 7506b6c4d77b1338a5d489a6fae6c0f1f29460ea | |
20.0.6 | 3423b65bb0763ab6f7f739f732d44e014fc38e19 | |
20.0.7 | a3c6ec9670b239f7f69e41b99adc72f9a8894495 | |
20.0.4 | fadc68277f3ac40f5f85eb4c6b66f0dc282f488d | |
20.0.5 | e97cb399689e7d889312955896f6a4e3fc1d092e | |
20.0.6 | 403ef6e62c8f8803aae156898a1167f8b9085b53 | |
20.0.7 | 7951f1906b56a4efa93df963fc6d84c4a9704452 | |
9.0.35 | 5acc34cf4df6235952c5dd0c5fefefab27ce5590 | |
9.0.29 | 310a7ab4c3fc611e7dd3228b37052a841ff494d6 | |
9.0.35 | cee131c1972396e0f0b2bd39c49d41a0806e2409 | |
9.0.22 | b197cfd9bfbb94ffdf3dc2ac26cfd987ba66ae1c | |
9.0.35 | 7a1de8b9591a6920f980c7662ff9949642b4d0d4 | |
9.0.2 | d5d59f23fb67853a7636a6798d5fa245733c00bf | |
9.0.35 | f2a9ee21332231fa20238ee0f13fc139266f09f5 | |
9.0.35 | 401831d474a9597445ace62baa3b656bca97417d | |
9.0.35 | b9693e359149d8d85184f00dea3aadac74aa491f | |
9.0.27 | ea8bc17d3aca38a1deb1968a16ed64c52f331f54 | |
9.0.35 | 33a7132f70ace01638b8ee61b68815376e56f005 | |
9.0.35 | 934de881ec1be63301a8fd64ec761cc0a41c2ba5 | |
9.0.22 | 03225c19bee852cbc8e60424f8e63914119ce40b | |
9.0.35 | fa5ff4155006cf4baee347b20c448e1f4fbffbfc | |
9.0.22 | 90f59eaa4385641055b328fd2b0b5ab8d310301f | |
9.0.35 | a3ab92d9dd7c337696d540d29e4ad82c472c3a4f | |
9.0.2 | 19361ef0716b83d0ae88878fbb29dfaf7e64efbc | |
9.0.35 | 90fb283db12bcd6d4ead5f23b49b660fe060d451 | |
9.0.22 | d923da975d139aaa665f35b8feacbe6efead4dca | |
9.0.35 | 3b7e58ab4a089f530c5d07de8cbdbf28645df51b | |
1.1.4 | b1fb89ed6bd2d5e0f8c1958c080eb47ff2e6c01b | |
9.0.42 | 97dd6150e9390a09ba561bebb719d10cf153b753 | |
9.0.42 | 3038d9666d04549cd391e3eb7e6012c5a411ea91 | |
9.0.43 | 2095e7fa04d2017a4d03b14b2a4a978c076772e4 | |
9.0.42 | 8b547b4d81002e1fea9609e479ca9d960bdaf4fe | |
9.0.43 | ef80174f5a81973555605cbf1b9b5082727df347 | |
9.0.42 | 3f6ad78b44f30e9f61d0a69251e709e5f4a02954 | |
9.0.43 | 83352fb0f053fad895c79b42ad6d3cf62dd17e06 | |
9.0.42 | 778f311c19e6cb93ce739b8b64cbdd530355d52e | |
9.0.43 | 62649977353e0dc5701c2f64344f450a12cb7484 | |
9.0.42 | f25529f414e59e4e90cc74b7e2f48575205e6d4b | |
9.0.43 | 91af64987e656a34c42438e8e1bb40cc1b7f4508 | |
9.0.42 | 06db2f70510bd4be0a07f94a6b72892c8aef2cdc | |
9.0.43 | 8191b7a4f9710e20a270fc07769a7aea5fc194b2 | |
1.0.8 | dc9758c76a361fe4a17d0cd51c9f8e5510f68cd5 | |
1.0.8 | 3d5425b61125c257b30d021673cd61132c2b18c9 | |
1.0.8 | 118ef85bd41f226651811314a17fb7ffba1e89fd | |
1.0.8 | a21ea668986d01115824e61442308842ad4e3352 | |
24.1.7 | 78f3a5b3d43d9d7037d3819cb338084fe4445539 | |
24.1.7 | b6501d1eac8e9e9faa7d54cab6058bdb1072e682 | |
6.5.17 | 2d85a99dccfd2814b3708511dc20039d62dde41a | |
1.0.13 | f2a4f0000a32ce1ef2c1e812770bc7c300ac551b | |
8.7.53 | a99abc7faa2a12bc661af4a75d772068ed26d1a8 | |
0.0.14 | cdecc1d75cc5f9f03c7b6c0d96fe0ca1476ee049 | |
14.1.1 | 527b3bbcbb86e88a2f51199bc21e12aec19bbb62 | |
0.0.2 | 9fa8eaa98cd9cb7407f1f368a9f2acd133e1e1d8 | |
0.0.2 | 1eb92906219550b13517ff254cc38c81e9cf5f2e | |
1.1.8 | 210204bb7b25cef1a9ebe99f7215f2eeff2e5824 | |
1.0.2 | d43347437dd29a3cae7bc1444a86d3c9cad281ec | |
0.0.4 | 4331d9d2fa8eda602d6d03146d04d5afe22e916e | |
0.8.5 | 13af3719a7dabcb5b4a694a172a52cb14df19a2d | |
1.0.24 | 5a7b8aa05b0a291b1fbe99d499ccc63b8aa71b79 | |
1.0.32 | 60358631cd4fb8b529814623c09524ca8664105a | |
1.1.4 | a6f0ac3737e30f477d9466aab217e9925f3246ce | |
1.1.5 | 13f4230e8fad87054239f365636c85ff8656236b | |
21.2.8 | e992e5249e12cc80b8375c079315b1c486a13d90 | |
21.2.8 | 659820cbbcc8423a61db462dfe64ca30a9176203 | |
1.7.4 | 47a73e73050a8883ff08568df024cbe3e2d6b639 | |
1.3.1 | e2f8fddc8c17d4535218231b12626610d69b67aa | |
1.2.1 | fab6e4df7b80943ae29bb7b4edd003470da6627e | |
1.0.3 | 9094b2c603f4ed27c43c5dd43aa88042dd869838 | |
0.4.4 | 5906e25493da68038fbb9d4325d46e2994d75d64 | |
0.4.7 | c1fe9ce3cd6cacab31a8667294dca65faa0f3329 | |
1.1.1 | 83ddf0bc25c6e88d45704fbc813761fca4179193 | |
1.6.5 | 7d9b1f7f4f481aba7a6a469a9297b716c62f99be | |
0.0.10 | 10788351b07d79534c26ecf23b21448476c38bb9 | |
0.0.9 | 37a6b73233b03a6eee735cb39122f677b783d23f | |
10.0.1 | 1b15ec68abb696117242013e543bf21c991bbff9 | |
1.1.5 | 1fca43f86a0a4c1697982c4659565b6532d2fecf | |
1.1.6 | 614ddebdf1fd288070c2275c70b989348879feae | |
1.0.4 | 7c613b0a9a0d3a004f567fc90da4ae472f6c736b | |
1.0.5 | 571549715b590510f535fcb3e82920888295bc52 | |
1.6.1 | a12e996d90f783e67ca0b1a83eea0db2f099d003 | |
0.4.9 | b0fec9e0e1855df3f154f021489848087b5f8762 | |
0.4.9 | b0fec9e0e1855df3f154f021489848087b5f8762 | |
0.4.9 | b0fec9e0e1855df3f154f021489848087b5f8762 | |
0.4.9 | b0fec9e0e1855df3f154f021489848087b5f8762 | |
1.9.1 | 893f7d22e9e2a9f50ae583522bcace960a706a04 | |
1.0.2 | 66e20f881eb94efdc0958ffb5569741b5fee510b | |
3.0.5 | 4e5e70b023b5d8f0983ba69d2fa2788b86df6d54 | |
1.0.1 | e3c0ce021261404a8808ff414013f3fa710fb36d | |
1.0.2 | 8b88d5346ba09eb39b708ef0026790ee015b2fe6 | |
1.0.2 | 6bc95c243a33da1ff9ef09ba518da1ee58e44ff4 | |
0.1.3 | 82600ebc40dae8ac100e4611738e30d8f99cd352 | |
6.0.326 | d04365647522fa3f5f4e4279dad1666b442812e2 | |
0.1.6 | bb89a120088691e2bd055678ed5c4ccb9a0c924f | |
0.1.2 | db4428be64a256f77f82f58237b416ba3ca0f16c | |
1.0.8 | 30c772252f31bc9d44dfa430a4476f3a2022e895 | |
0.1.9 | 21357b8d7070e494770dc1893690cb997f740f64 | |
0.1.3 | a9990a5a9c470b631522f2d5916446c4bac85ed3 | |
0.0.2 | 795f4a1625f49b754da8ecf8ca7ee374d203f435 | |
0.1.6 | 98b48eb833fa7c4efd2e5614ea8eee707d6a0a9f | |
0.1.2 | 22a00ac7a42f013e2cac82cf4a873dc6b064ae48 | |
0.1.1 | c30927317377e66447b94ab5fbebb222123cf7e8 | |
0.8.8 | 5b8857a6b61b9525aac325e4b3a79c3244005633 | |
0.1.5 | 7b61753a2103e7f64318a3e707feb3bbb36d92a1 | |
0.3.1 | 68a6d3c07d849ad799f25e2b0c6bc08718d23f99 | |
0.0.3 | 741c2c511901178f4c4272fcfcaf00cf00b7c8be | |
0.0.3 | 97df17665971e350f672c908043265ff72c9027d | |
1.1.9 | c796d3f742f08fd89f052c9ce0371665ff23cd1c | |
0.0.5 | c85966a482146b1d3d9e92d2e08d2e4ea8be643b | |
1.0.3 | f0170c1b821dcbb0daaa8bcdbd794d9e89331e19 | |
8.1.1 | b582920e855e1e2c6ada833b9bc847fa71b705ec | |
8.1.2 | a0aade7704bf7fe660823a61705dfda12734da2e | |
0.4.2 | fcb8efa44585cb1108f96b2161005a2a61491ca1 | |
0.19.2 | 484b9545aa4425d31b9063d84df6754410215198 | |
0.34.2 | 852391435a52bb19b5e008d0306e6113f5c178c8 | |
0.34.3 | 15600f4ed3aeed95cdfa3a0722555a4e6c1aade5 | |
1.205.2 | 258baa048dbaa7ca2b6e795eaea231d4ae701afc | |
1.205.2 | 6c28175816158ec4d2baecffad3deb786ff86581 | |
1.205.1 | 99883d3c767c292a3c71f7bb0ae8bcd2e558c571 | |
1.205.2 | d0af49cbe1564999993f78611357780d5ee52f43 | |
1.205.2 | 2548941c5f9b6b9136cc13983bfa7a67cd6ed6ef | |
5.0.2 | 61217d6a1b8d58b28a5bfe811aefeed96fccd446 | |
4.0.3 | 35d1b0e71c952dea1825e5533828d69637b5d30e | |
4.0.4 | ebb9d53e562fdf659ee2f4aeefbc428de15b81c8 | |
3.0.8 | 10e0c7a70c43192e328efb49b32022386e0153c9 | |
5.0.3 | 255d1c45b8c6617da82036d6d2671635b7b5b4e3 | |
1.0.1 | 88cfd1228ea1c8a22ced8b103c4e55c284f6225b | |
1.1.3 | c7a9213783333353d635e9949705294bb2662c38 | |
2.1.6 | 58cf961afe349338d25ed0eb610310d02a2a1bd3 | |
1.0.13 | 254071afdb95e945a2098fe598ad972edea624a6 | |
2.2.2 | ba60d4d997dd7367fa3490d1a39cf40ff2733504 | |
11.0.3 | 8d33988a9f1c404c757b9bd474a1dc9e632d0882 | |
13.0.2 | 6bc7f46b3bdb3021d57782f27028030d95b5ce38 | |
4.0.2 | 930719f947239b5ddf61ca30ed5583ace8b95ede | |
6.0.1 | af797c0a93b635e0fa17b5d6b08038fa4cd2db16 | |
5.0.3 | ec45aaf47ec08f52fad9b6ef12f5edcbe4fd192f |
[ Join RL researchers for a live Q&A about the Shai-hulud worm at 12pm EDT ]