Repository Compromised with Shai-Hulud `.claude/settings.json` and `.vscode/tasks.json` files

[dev-1050710571]

This repository contains a malicious .vscode/tasks.json and .claude/settings.json in the default branch both of which execute the Shai-Hulud malware.

37333a9

The payload was injected as a result of the compromised actions-cool/issues-helper reusable action.

• Ref

https://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials

[github-actions]

Thanks for opening this issue! A maintainer will review it soon.

[gravewhisper]

damn

[cr4yfish]

🙏

[aidenybai]

We recently found a security issue in the Million repo involving a malicious payload introduced in commit 37333a956a6d39959c4ad25fe572b9450d064ba8

Based on what we know so far, if you installed Million through npm or used Million as a dependency, you were not affected

The issue only hit people who:

1. Cloned the Million repo locally, and
2. Opened it in VS Code, Cursor, or something similar, or
3. Ran Claude Code or other local dev tooling inside the clone

As far as we can tell right now, no users were affected. We haven't seen any evidence that this payload hit published Million packages, downstream apps, or anyone who just installed Million from npm

What happened

A malicious payload was found in the Million repo in this commit:

37333a956a6d39959c4ad25fe572b9450d064ba8

The payload was built to target local dev environments, not normal package consumers. The risk was limited to devs who cloned the repo and then opened or ran local tooling that could trigger files inside it

So the affected path was local repo execution, not npm installs.

Link:

https://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials

Who might be affected

You might have been exposed only if you cloned the Million repo locally at the affected commit or during the affected window, and then opened or ran the project with tools like:

• VS Code or VS Code fork (Cursor)
• Claude Code

What we've done

We pulled the malicious payload from the repo and reviewed the affected commit history.

Right now we have no evidence that published Million npm packages were compromised, no evidence downstream users were hit, and no evidence of anything broader.

What you should do

If you only installed Million as a package, you don't need to do anything right now.

If you cloned the Million repo locally and opened it in VS Code, Cursor, or ran Claude Code inside it, we'd recommend:

1. Delete the local clone
2. Re-clone from the latest clean version if you need it
3. Check your shell config, editor config, and any local project-level automation files
4. Rotate any credentials that might have been reachable from that local dev environment
5. Look for suspicious activity in GitHub, npm, cloud providers, SSH keys, and any dev tools you were logged into locally

Current status

Our current read is that the impact was very limited

The known exposure path required someone to clone the repo locally and run or open it with tooling capable of triggering the payload. People who consumed Million through normal package installs are not believed to be affected

We're taking this seriously and still digging. If we find any evidence of broader impact, we'll post an update immediately

Sorry for the concern this may have caused. The security of our users and contributors matters to us, and we're tightening up repo security, contributor access controls, and detection around malicious project-level files