v1.5.1

Added

• CLI tool — npx hulud for easy scanning (primary command)
  • scan [path] — Scan directory for IOCs (default command)
  • check — Quick check of current project
  • suspend — Safely suspend malicious processes with SIGSTOP
  • info — Show attack information and known IOCs
  • --verbose, --json, --output flags
  • Colorful terminal output with ASCII banner
• bin/cli.js — Node.js CLI entry point (ESM)
• npm package configuration for npx usage
• Additional keywords for npm discoverability

Changed

• package.json — Added bin field with hulud command, type: module, files, repository, bugs, homepage
• Updated engines to Node.js >=18 for broader compatibility
• Updated all documentation (README.md, cs/README.md, ROADMAP.md, cs/ROADMAP.md) to use npx hulud

---

v1.5.0

Added

• ROADMAP.md - Comprehensive project roadmap with nested checkboxes based on multi-model AI security audits (Claude Opus 4.5, GPT-5.1-Pro, Grok-4.1, Perplexity, Proton-Lumo, Gemini-3-Pro)
• cs/ROADMAP.md - Czech translation of the roadmap
• Roadmap section in README.md (EN) with link to ROADMAP.md
• Roadmapa section in cs/README.md (CZ) with link to ROADMAP.md
• Multi-model security audit documentation in AGENTS.md
• Critical security context section in AGENTS.md (Dead Man's Switch warning, attack characteristics)
• Research findings reference in AGENTS.md (.agents/research/ directory)
• scripts/suspend-malware.sh - Safe process suspension using SIGSTOP (prevents wiper trigger)
  • Auto-detection of malicious processes by known signatures
  • --dry-run mode for safe testing
  • --resume mode to unfreeze processes after backup
  • State file tracking of suspended PIDs
  • Interactive and auto modes
• ioc/network.json - Network Indicators of Compromise
  • C2 domain monitoring (suspected domains)
  • Exfiltration webhook patterns (webhook.site, pipedream, requestbin)
  • GitHub API abuse patterns and endpoints
  • Cloud metadata service abuse detection (169.254.169.254)
  • Firewall rule recommendations for CI/CD
  • SIEM/IDS detection queries
• .github/workflows/socket-security.yml - Socket.dev GitHub Actions integration
• socket.yml - Root-level Socket.dev configuration for GitHub App

Changed

• Updated attack metrics: 796 → 800+ packages, added 1,200+ organizations impacted

• Updated Contributing/Priority Areas section in both READMEs to reference ROADMAP.md

• Updated repository structure in AGENTS.md to reflect current layout

• Updated task priorities in AGENTS.md to include roadmap items

• Updated project status in AGENTS.md, README.md, cs/README.md, and ROADMAP.md to 2025-12-02

• Updated Roadmap progress (Core Detection 85%, IOC Database 60%)

• Marked v1.5.0 as released in Roadmap

• ioc/malicious-packages.json - Updated statistics with credential exfiltration counts (775+ GitHub, 373+ AWS, 300+ GCP, 115+ Azure)

Fixed

• False positives in scripts/detect.sh where documentation files triggered cloud metadata abuse detection
• False positives in scripts/detect.sh where documentation files triggered secondary phase indicator detection
• Downgraded "Bun detected" warning to INFO in scripts/detect.sh to prevent CI failure
• Fixed socket-security.yml CI failure by skipping scan when SOCKET_SECURITY_API_KEY is missing
• Fixed ShellCheck warning in scripts/suspend-malware.sh (unused VERBOSE variable)
• Fixed false positive where CHANGELOG.md triggered detection by explicitly excluding it in scripts/detect.sh

v1.4.0

What's Changed

• chore: release v1.4.0 by @miccy in #9

Full Changelog: v1.3.4...v1.4.0

v1.3.4

What's Changed

• Preview/v1.3.4 by @miccy in #8

Full Changelog: v1.3.3...v1.3.4

v1.3.3

What's Changed

• feat: v1.1.0 - Localization, CI/CD, and Shai-Hulud v2 Security Updates by @miccy in #1
• Improove docs by @miccy in #2
• Preview/v1.3.1 by @miccy in #5
• Preview/v1.3.2 by @miccy in #6
• chore: release v1.3.3 by @miccy in #7

New Contributors

• @miccy made their first contribution in #1

Full Changelog: https://github.com/miccy/dont-be-shy-hulud/commits/v1.3.3