Is Shai Hulud a risk for Vaadin Developers?

I think you all have heard about that Shai Hulud attack.

Because Vaadin is using Node.js, I am asking myself:
Is it still safe to use Vaadin?

Can someone please comment?

1 Like

The same applies as previously: Is Vaadin build affected by attacks on npm packages?

Ok, thanks for pointing me in the right direction.
I was not aware of those statements and guidance.
Maybe more or better use of Google could have helped. :slight_smile:

And I suppose that this also holds for Shai-Hulud 2.0.

The same principles still apply.

What we could do is to run the SBOM check again retroactively to check for the specific packages that have (so far) been affected by the second wave.

2 Likes
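
A retroactive SBOM check of the kind mentioned in the last reply, as an added example that is not from the thread or from Vaadin's own tooling. It assumes a CycloneDX-style JSON SBOM with npm package URLs (purls); the package names and versions in the affected list are constructed placeholders, to be replaced with the list from the relevant advisory.

```javascript
// Added example, not Vaadin's tooling. All names and versions are constructed.
// Parse an npm package URL (purl) into { name, version }; null for anything else.
function parseNpmPurl(purl) {
  if (typeof purl !== "string" || !purl.startsWith("pkg:npm/")) return null;
  // Drop qualifiers (?...) and subpath (#...) before splitting name and version.
  const body = purl.slice("pkg:npm/".length).split(/[?#]/)[0];
  const at = body.lastIndexOf("@");
  if (at <= 0) return null; // no version, or only a scope marker
  try {
    return {
      name: decodeURIComponent(body.slice(0, at)), // %40scope/name -> @scope/name
      version: decodeURIComponent(body.slice(at + 1)),
    };
  } catch (e) {
    return null; // malformed percent-encoding
  }
}

// Walk the component tree (components may nest) and collect exact version hits.
function findAffected(sbom, affected) {
  const hits = [];
  const stack = [...(sbom.components || [])];
  while (stack.length > 0) {
    const c = stack.pop();
    stack.push(...(c.components || []));
    const pkg = parseNpmPurl(c.purl);
    const versions = pkg ? affected.get(pkg.name) : undefined;
    if (versions && versions.has(pkg.version)) hits.push(`${pkg.name}@${pkg.version}`);
  }
  return hits.sort();
}

// Constructed advisory list: placeholder names and versions, not real indicators.
const AFFECTED = new Map([
  ["@example-scope/ui-kit", new Set(["2.3.1"])],
  ["example-color-util", new Set(["1.0.4", "1.0.5"])],
]);

// Constructed CycloneDX-style SBOM fragment with nested and non-npm components.
const SBOM = JSON.parse(`{"bomFormat": "CycloneDX", "components": [
  {"name": "app-frontend", "purl": "pkg:npm/app-frontend@1.0.0", "components": [
    {"name": "ui-kit", "purl": "pkg:npm/%40example-scope/ui-kit@2.3.1"},
    {"name": "example-color-util", "purl": "pkg:npm/example-color-util@1.0.3"}]},
  {"name": "example-color-util", "purl": "pkg:npm/example-color-util@1.0.5?vcs_url=x"},
  {"name": "some-lib", "purl": "pkg:maven/org.example/some-lib@1.0.5"}]}`);

console.log(findAffected(SBOM, AFFECTED));
```

Matching is on exact name and version, so a clean result only says that none of the listed versions appear in this SBOM.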