chore(blog): publish postmortem on recent security breach #4640
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Shurtu-gal <ashishpadhy1729@gmail.com>
Shurtu-gal
requested review from
Mayaleeeee,
TRohit20,
akshatnema,
anshgoyalevil,
asyncapi-bot-eve,
derberg,
sambhavgupta0705 and
thulieblack
as code owners
✅ Deploy Preview for asyncapi-website ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify project configuration. |
asyncapi-bot
requested review from
CBID2,
ashmitjsg,
bandantonio and
vishvamsinh28
Contributor
WalkthroughAdds a new markdown blog post documenting the Shai‑Hulud security incident with frontmatter, a detailed incident timeline and narrative, response and remediation actions, attack‑chain analysis, affected parties, next steps and lessons learned, an embedded (partially obfuscated) JavaScript/Bun payload snippet, and a banner image. (≤50 words) Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes
Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
📜 Recent review detailsConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro 📒 Files selected for processing (1)
🧰 Additional context used🧠 Learnings (3)📚 Learning: 2024-11-25T18:34:51.303ZApplied to files:
📚 Learning: 2024-10-18T17:24:45.053ZApplied to files:
📚 Learning: 2025-01-19T04:51:41.255ZApplied to files:
🪛 LanguageToolmarkdown/blog/shai-hulud-postmortem.md[uncategorized] ~42-~42: The official name of this software platform is spelled with a capital “H”. (GITHUB) [grammar] ~99-~99: Use a hyphen to join words. (QB_NEW_EN_HYPHEN) 🪛 markdownlint-cli2 (0.18.1)markdown/blog/shai-hulud-postmortem.md22-22: Emphasis used instead of a heading (MD036, no-emphasis-as-heading) 23-23: Unordered list indentation (MD007, ul-indent) 24-24: Unordered list indentation (MD007, ul-indent) 25-25: Unordered list indentation (MD007, ul-indent) 26-26: Unordered list indentation (MD007, ul-indent) 27-27: Unordered list indentation (MD007, ul-indent) 28-28: Unordered list indentation (MD007, ul-indent) 29-29: Unordered list indentation (MD007, ul-indent) 30-30: Unordered list indentation (MD007, ul-indent) 31-31: Unordered list indentation (MD007, ul-indent) 32-32: Unordered list indentation (MD007, ul-indent) 44-44: Fenced code blocks should have a language specified (MD040, fenced-code-language) ⏰ Context from checks skipped due to timeout of 180000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
Author
|
cc: @Florence-Njeri please let me know, if something needs to be added. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #4640 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 22 22
Lines 799 799
Branches 146 146
=========================================
Hits 799 799 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
|
⚡️ Lighthouse report for the changes in this PR:
Lighthouse ran on https://deploy-preview-4640--asyncapi-website.netlify.app/ |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
markdown/blog/shai-hulud-postmortem.md (1)
96-96: Fix hyphenation in compound adjective.Line 96 uses the compound adjective "limited scope tokens" but it should be hyphenated as "limited-scope tokens" when modifying a noun.
Apply this diff:
-- Token rotation and limited scope tokens should be enforced. Our current NPM token was 3 years old. +- Token rotation and limited-scope tokens should be enforced. Our current NPM token was 3 years old.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
public/img/posts/shai-hulud-postmortem/affected.pngis excluded by!**/*.png
📒 Files selected for processing (1)
markdown/blog/shai-hulud-postmortem.md(1 hunks)
🧰 Additional context used
🪛 LanguageTool
markdown/blog/shai-hulud-postmortem.md
[grammar] ~96-~96: Use a hyphen to join words.
Context: ...of failure. - Token rotation and limited scope tokens should be enforced. Our cur...
(QB_NEW_EN_HYPHEN)
🪛 markdownlint-cli2 (0.18.1)
markdown/blog/shai-hulud-postmortem.md
21-21: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
22-22: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
24-24: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
25-25: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
26-26: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
27-27: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
28-28: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
29-29: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
30-30: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
31-31: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
32-32: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
44-44: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
⏰ Context from checks skipped due to timeout of 180000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: cypress-run
- GitHub Check: Test NodeJS PR - windows-latest
- GitHub Check: Lighthouse CI
🔇 Additional comments (1)
markdown/blog/shai-hulud-postmortem.md (1)
17-99: LGTM on content and incident communication.The postmortem is comprehensive, transparent, and follows security incident communication best practices. The narrative clearly explains:
- What happened with timeline precision
- How the team responded
- The attack chain and root cause
- Actionable steps for affected users
- Concrete lessons learned with specific improvements (Trusted Publisher adoption, token rotation policy)
The external attributions (Aikido's analysis, reporter names) add credibility. Fix the three markdown formatting issues noted in prior comments, and this is ready to publish.
Signed-off-by: Shurtu-gal <ashishpadhy1729@gmail.com>
Contributor
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (2)
markdown/blog/shai-hulud-postmortem.md (2)
22-33: Fix markdown formatting in incident timeline (duplicate of previous review).The timeline section has two outstanding issues from the previous review that remain unaddressed:
- Line 22: The emphasis-formatted date should be a level-3 heading per MD036.
- Lines 23–33: List items are indented with 2 spaces, but markdownlint requires 0-space indentation per MD007.
Apply this diff to fix both issues:
- **Mon, 24 Nov 2025** - - `03:58:47 UTC` — Pushing of malicious package versions to npm registry. +### Mon, 24 Nov 2025 +- `03:58:47 UTC` — Pushing of malicious package versions to npm registry. - - `10:02:00 UTC` — [Report by Charlie Eriksen](https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains) from Aikido about compromised packages. - - `10:32:00 UTC` — Acknowledgment of the issue by AsyncAPI team, and communication initiated to inform the community. - - `10:42:00 UTC` — Initial investigation and revoking of NPM tokens. - - `10:58:00 UTC` — Reported the incident to npm security team and started deprecating affected packages as unpublishing is not allowed with dependent packages. - - `11:46:00 UTC` — Action taken by NPM security team to unpublish the malicious packages. - - `13:33:00 UTC` — Suspected leak found in [vs-asyncapi-preview](https://github.com/asyncapi/vs-asyncapi-preview), as malicious version (1.0.1) was pushed to [OpenVSX Registry](https://open-vsx.org/extension/asyncapi/asyncapi-preview) through report from [Yusuke Sugamiya](https://x.com/DNPP) - - `13:45:00 UTC` — Revoked OpenVSX token and reported to OpenVSX security team. - - `14:30:00 UTC` — OpenVSX team unpublished the malicious package version. - - `15:45:00 UTC` — Incident report writing started. +- `10:02:00 UTC` — [Report by Charlie Eriksen](https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains) from Aikido about compromised packages. +- `10:32:00 UTC` — Acknowledgment of the issue by AsyncAPI team, and communication initiated to inform the community. +- `10:42:00 UTC` — Initial investigation and revoking of NPM tokens. +- `10:58:00 UTC` — Reported the incident to npm security team and started deprecating affected packages as unpublishing is not allowed with dependent packages. +- `11:46:00 UTC` — Action taken by NPM security team to unpublish the malicious packages. +- `13:33:00 UTC` — Suspected leak found in [vs-asyncapi-preview](https://github.com/asyncapi/vs-asyncapi-preview), as malicious version (1.0.1) was pushed to [OpenVSX Registry](https://open-vsx.org/extension/asyncapi/asyncapi-preview) through report from [Yusuke Sugamiya](https://x.com/DNPP) +- `13:45:00 UTC` — Revoked OpenVSX token and reported to OpenVSX security team. +- `14:30:00 UTC` — OpenVSX team unpublished the malicious package version. +- `15:45:00 UTC` — Incident report writing started.
45-58: Add language specifier to code block (duplicate of previous review).The code block is missing a language specifier, which markdownlint requires per MD040. Since this is JavaScript/Node.js code, add the
javascriptidentifier to the opening fence.Apply this diff:
-``` +```javascript async ["bundleAssets"](_0x349b3d) {
🧹 Nitpick comments (1)
markdown/blog/shai-hulud-postmortem.md (1)
97-97: Use hyphen to join compound modifier.On Line 97, "limited scope tokens" should be hyphenated as "limited-scope tokens" when used as a compound modifier before a noun.
Apply this diff:
-- Token rotation and limited scope tokens should be enforced. Our current NPM token was 3 years old. +- Token rotation and limited-scope tokens should be enforced. Our current NPM token was 3 years old.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
markdown/blog/shai-hulud-postmortem.md(1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2024-10-18T17:24:45.053Z
Learnt from: anshgoyalevil
Repo: asyncapi/website PR: 3301
File: scripts/markdown/check-markdown.js:0-0
Timestamp: 2024-10-18T17:24:45.053Z
Learning: In `scripts/markdown/check-markdown.js`, the script is not run in an asynchronous environment, so refactoring it to use `async/await` is unnecessary.
Applied to files:
markdown/blog/shai-hulud-postmortem.md
📚 Learning: 2024-11-25T18:34:51.303Z
Learnt from: akshatnema
Repo: asyncapi/website PR: 3378
File: scripts/markdown/check-markdown.js:1-1
Timestamp: 2024-11-25T18:34:51.303Z
Learning: When reviewing `scripts/markdown/check-markdown.js`, optimizations should be addressed in separate issues and not included in the current pull request.
Applied to files:
markdown/blog/shai-hulud-postmortem.md
🪛 LanguageTool
markdown/blog/shai-hulud-postmortem.md
[grammar] ~97-~97: Use a hyphen to join words.
Context: ...of failure. - Token rotation and limited scope tokens should be enforced. Our cur...
(QB_NEW_EN_HYPHEN)
🪛 markdownlint-cli2 (0.18.1)
markdown/blog/shai-hulud-postmortem.md
22-22: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
23-23: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
25-25: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
26-26: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
27-27: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
28-28: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
29-29: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
30-30: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
31-31: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
32-32: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
33-33: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
45-45: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
⏰ Context from checks skipped due to timeout of 180000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: Redirect rules - asyncapi-website
- GitHub Check: Header rules - asyncapi-website
- GitHub Check: Pages changed - asyncapi-website
- GitHub Check: cypress-run
🔇 Additional comments (1)
markdown/blog/shai-hulud-postmortem.md (1)
35-100: Postmortem content is thorough and well-structured.The narrative clearly documents the incident, response timeline, technical attack chain, user guidance, and lessons learned. The extensive code snippet appropriately illustrates the malicious payload. The lessons learned section demonstrates understanding of root causes and preventive measures (Trusted Publisher, token rotation, backup maintainers).
Signed-off-by: Shurtu-gal <ashishpadhy1729@gmail.com>
Contributor
There was a problem hiding this comment.
Actionable comments posted: 3
♻️ Duplicate comments (2)
markdown/blog/shai-hulud-postmortem.md (2)
22-33: Fix markdown formatting in incident timeline (MD036, MD007).The timeline section contains two persistent markdownlint violations flagged in prior reviews:
- Line 22: "Mon, 24 Nov 2025" uses emphasis instead of a level-3 heading (MD036).
- Lines 23–33: Timeline items are indented with 2 spaces, but must start at column 0 for unordered lists (MD007).
Apply this diff to resolve both issues:
## Incident Timeline -**Mon, 24 Nov 2025** - - `03:58:47 UTC` — Pushing of malicious package versions to npm registry. +### Mon, 24 Nov 2025 - - `10:02:00 UTC` — [Report by Charlie Eriksen](https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains) from Aikido about compromised packages. - - `10:32:00 UTC` — Acknowledgment of the issue by AsyncAPI team, and communication initiated to inform the community. - - `10:42:00 UTC` — Initial investigation and revoking of NPM tokens. - - `10:58:00 UTC` — Reported the incident to npm security team and started deprecating affected packages as unpublishing is not allowed with dependent packages. - - `11:46:00 UTC` — Action taken by NPM security team to unpublish the malicious packages. - - `13:33:00 UTC` — Suspected leak found in [vs-asyncapi-preview](https://github.com/asyncapi/vs-asyncapi-preview), as malicious version (1.0.1) was pushed to [OpenVSX Registry](https://open-vsx.org/extension/asyncapi/asyncapi-preview) through report from [Yusuke Sugamiya](https://x.com/DNPP) - - `13:45:00 UTC` — Revoked OpenVSX token and reported to OpenVSX security team. - - `14:30:00 UTC` — OpenVSX team unpublished the malicious package version. - - `15:45:00 UTC` — Incident report writing started. +- `03:58:47 UTC` — Pushing of malicious package versions to npm registry. +- `10:02:00 UTC` — [Report by Charlie Eriksen](https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains) from Aikido about compromised packages. +- `10:32:00 UTC` — Acknowledgment of the issue by AsyncAPI team, and communication initiated to inform the community. +- `10:42:00 UTC` — Initial investigation and revoking of NPM tokens. +- `10:58:00 UTC` — Reported the incident to npm security team and started deprecating affected packages as unpublishing is not allowed with dependent packages. +- `11:46:00 UTC` — Action taken by NPM security team to unpublish the malicious packages. +- `13:33:00 UTC` — Suspected leak found in [vs-asyncapi-preview](https://github.com/asyncapi/vs-asyncapi-preview), as malicious version (1.0.1) was pushed to [OpenVSX Registry](https://open-vsx.org/extension/asyncapi/asyncapi-preview) through report from [Yusuke Sugamiya](https://x.com/DNPP) +- `13:45:00 UTC` — Revoked OpenVSX token and reported to OpenVSX security team. +- `14:30:00 UTC` — OpenVSX team unpublished the malicious package version. +- `15:45:00 UTC` — Incident report writing started.
45-58: Add language specifier to fenced code block (MD040).The code block is missing a language identifier. Add
javascriptto specify the code language per markdownlint MD040.Apply this diff:
-``` +```javascript async ["bundleAssets"](_0x349b3d) {
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
markdown/blog/shai-hulud-postmortem.md(1 hunks)
🧰 Additional context used
🧠 Learnings (3)
📚 Learning: 2024-10-18T17:24:45.053Z
Learnt from: anshgoyalevil
Repo: asyncapi/website PR: 3301
File: scripts/markdown/check-markdown.js:0-0
Timestamp: 2024-10-18T17:24:45.053Z
Learning: In `scripts/markdown/check-markdown.js`, the script is not run in an asynchronous environment, so refactoring it to use `async/await` is unnecessary.
Applied to files:
markdown/blog/shai-hulud-postmortem.md
📚 Learning: 2024-11-25T18:34:51.303Z
Learnt from: akshatnema
Repo: asyncapi/website PR: 3378
File: scripts/markdown/check-markdown.js:1-1
Timestamp: 2024-11-25T18:34:51.303Z
Learning: When reviewing `scripts/markdown/check-markdown.js`, optimizations should be addressed in separate issues and not included in the current pull request.
Applied to files:
markdown/blog/shai-hulud-postmortem.md
📚 Learning: 2025-01-19T04:51:41.255Z
Learnt from: anshgoyalevil
Repo: asyncapi/website PR: 3557
File: tests/fixtures/markdown/check-edit-links-data.js:3-11
Timestamp: 2025-01-19T04:51:41.255Z
Learning: In the AsyncAPI website repository, the test data in `tests/fixtures/markdown/check-edit-links-data.js` intentionally includes inconsistent paths (with and without 'docs' prefix) to verify the script's ability to normalize and handle ambiguous path structures.
Applied to files:
markdown/blog/shai-hulud-postmortem.md
🪛 LanguageTool
markdown/blog/shai-hulud-postmortem.md
[uncategorized] ~43-~43: The official name of this software platform is spelled with a capital “H”.
Context: ...syncapi-previewextension, which had anpm install github:asyncapi/cli#2efa4dff59bc3d3cecdf897ccf...
(GITHUB)
[uncategorized] ~75-~75: The official name of this software platform is spelled with a capital “H”.
Context: ...ocesses and infrastructure. - Publish a Github Security Advisory detailing the inciden...
(GITHUB)
[grammar] ~97-~97: Use a hyphen to join words.
Context: ...of failure. - Token rotation and limited scope tokens should be enforced. Our cur...
(QB_NEW_EN_HYPHEN)
🪛 markdownlint-cli2 (0.18.1)
markdown/blog/shai-hulud-postmortem.md
22-22: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
23-23: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
25-25: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
26-26: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
27-27: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
28-28: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
29-29: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
30-30: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
31-31: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
32-32: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
33-33: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
45-45: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
thulieblack
changed the title
derberg
reviewed
Nov 25, 2025
Signed-off-by: Shurtu-gal <ashishpadhy1729@gmail.com>
Signed-off-by: Shurtu-gal <ashishpadhy1729@gmail.com>
derberg
reviewed
Nov 25, 2025
derberg
reviewed
Nov 25, 2025
2 tasks
Updated the postmortem with corrected titles, dates, and improved clarity in the incident timeline and response sections.
Co-authored-by: Lukasz Gornicki <lpgornicki@gmail.com>
Clarified details about the attack chain and token security in the postmortem.
Shurtu-gal
commented
Nov 25, 2025
Member
|
Also not sure why the tests are failing here |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (4)
markdown/blog/shai-hulud-postmortem.md (4)
44-44: Add language specifier to fenced code block (MD040).The code block is missing a language identifier. Since this is JavaScript/Node.js code, specify the language as
javascript.Apply this diff:
-``` +```javascript async ["bundleAssets"](_0x349b3d) {
99-99: Add hyphen to compound adjective on line 99.Use a hyphen to join the compound adjective: "limited-scope tokens" (not "limited scope tokens").
Apply this diff:
-- Token rotation and limited scope tokens should be enforced. Our current NPM token is 3 years old. +- Token rotation and limited-scope tokens should be enforced. Our current NPM token is 3 years old.
42-42: Capitalize "GitHub" on line 42.The brand name should use proper capitalization. Change
npm install github:asyncapi/clitonpm install GitHub:asyncapi/cli.Apply this diff:
-One example of how this works was in v1.0.1 of `vs-asyncapi-preview` extension, which had an `npm install github:asyncapi/cli#2efa4dff59bc3d3cecdf897ccf178f99b115d63d` pointing to a [commit in a malicious fork](https://github.com/asyncapi/cli/commit/2efa4dff59bc3d3cecdf897ccf178f99b115d63d) which holds the above files. +One example of how this works was in v1.0.1 of `vs-asyncapi-preview` extension, which had an `npm install GitHub:asyncapi/cli#2efa4dff59bc3d3cecdf897ccf178f99b115d63d` pointing to a [commit in a malicious fork](https://github.com/asyncapi/cli/commit/2efa4dff59bc3d3cecdf897ccf178f99b115d63d) which holds the above files.
20-32: Fix markdown formatting in incident timeline (MD036, MD007).The timeline section has two formatting violations flagged by markdownlint:
- Line 22: The date should be a heading (
### Mon, 24 Nov 2025) rather than emphasis text.- Lines 23–32: Timeline items have 2-space indentation; they should have 0-space indentation (lists start at column 0).
Apply this diff:
## Incident Timeline - **Mon, 24 Nov 2025** - - `03:58:47 UTC` — Pushing of malicious package versions to the NPM registry. - - `10:02:00 UTC` — [Report by Charlie Eriksen](https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains) from Aikido about compromised packages. - - `10:32:00 UTC` — Acknowledgment of the issue by the AsyncAPI team, and communication initiated to inform the community. - - `10:42:00 UTC` — Initial investigation and revoking of NPM tokens. - - `10:58:00 UTC` — Reported the incident to the NPM security team and started deprecating affected packages, as unpublishing is not allowed with dependent packages. - - `11:46:00 UTC` — Action taken by the NPM security team to unpublish the malicious packages. - - `13:33:00 UTC` — Suspected leak found in [vs-asyncapi-preview](https://github.com/asyncapi/vs-asyncapi-preview), as malicious version (1.0.1) was pushed to [OpenVSX Registry](https://open-vsx.org/extension/asyncapi/asyncapi-preview) through report from [Yusuke Sugamiya](https://x.com/DNPP) - - `13:45:00 UTC` — Revoked OpenVSX token and reported to OpenVSX security team. - - `13:52:00 UTC` — OpenVSX team unpublished the malicious package version. - - `15:45:00 UTC` — Incident report writing started. +### Mon, 24 Nov 2025 +- `03:58:47 UTC` — Pushing of malicious package versions to the NPM registry. +- `10:02:00 UTC` — [Report by Charlie Eriksen](https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains) from Aikido about compromised packages. +- `10:32:00 UTC` — Acknowledgment of the issue by the AsyncAPI team, and communication initiated to inform the community. +- `10:42:00 UTC` — Initial investigation and revoking of NPM tokens. +- `10:58:00 UTC` — Reported the incident to the NPM security team and started deprecating affected packages, as unpublishing is not allowed with dependent packages. +- `11:46:00 UTC` — Action taken by the NPM security team to unpublish the malicious packages. +- `13:33:00 UTC` — Suspected leak found in [vs-asyncapi-preview](https://github.com/asyncapi/vs-asyncapi-preview), as malicious version (1.0.1) was pushed to [OpenVSX Registry](https://open-vsx.org/extension/asyncapi/asyncapi-preview) through report from [Yusuke Sugamiya](https://x.com/DNPP) +- `13:45:00 UTC` — Revoked OpenVSX token and reported to OpenVSX security team. +- `13:52:00 UTC` — OpenVSX team unpublished the malicious package version. +- `15:45:00 UTC` — Incident report writing started.
🧹 Nitpick comments (1)
markdown/blog/shai-hulud-postmortem.md (1)
100-100: Rephrase awkward phrasing on line 100."Got to know about" is colloquial; consider clearer phrasing such as "We discovered" or "We became aware of."
Apply this diff:
-- Got to know about a [workflow with unsecured context](https://github.com/asyncapi/cli/blob/master/.github/workflows/auto-changeset.yml) in GitHub Actions. Although it is not the root cause here, we have fixed it to avoid any future risks in [PR #1909](https://github.com/asyncapi/cli/pull/1909) +- We discovered a [workflow with unsecured context](https://github.com/asyncapi/cli/blob/master/.github/workflows/auto-changeset.yml) in GitHub Actions. Although it is not the root cause here, we have fixed it to avoid any future risks in [PR #1909](https://github.com/asyncapi/cli/pull/1909)
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
markdown/blog/shai-hulud-postmortem.md(1 hunks)
🧰 Additional context used
🧠 Learnings (3)
📚 Learning: 2024-11-25T18:34:51.303Z
Learnt from: akshatnema
Repo: asyncapi/website PR: 3378
File: scripts/markdown/check-markdown.js:1-1
Timestamp: 2024-11-25T18:34:51.303Z
Learning: When reviewing `scripts/markdown/check-markdown.js`, optimizations should be addressed in separate issues and not included in the current pull request.
Applied to files:
markdown/blog/shai-hulud-postmortem.md
📚 Learning: 2024-10-18T17:24:45.053Z
Learnt from: anshgoyalevil
Repo: asyncapi/website PR: 3301
File: scripts/markdown/check-markdown.js:0-0
Timestamp: 2024-10-18T17:24:45.053Z
Learning: In `scripts/markdown/check-markdown.js`, the script is not run in an asynchronous environment, so refactoring it to use `async/await` is unnecessary.
Applied to files:
markdown/blog/shai-hulud-postmortem.md
📚 Learning: 2025-01-19T04:51:41.255Z
Learnt from: anshgoyalevil
Repo: asyncapi/website PR: 3557
File: tests/fixtures/markdown/check-edit-links-data.js:3-11
Timestamp: 2025-01-19T04:51:41.255Z
Learning: In the AsyncAPI website repository, the test data in `tests/fixtures/markdown/check-edit-links-data.js` intentionally includes inconsistent paths (with and without 'docs' prefix) to verify the script's ability to normalize and handle ambiguous path structures.
Applied to files:
markdown/blog/shai-hulud-postmortem.md
🪛 LanguageTool
markdown/blog/shai-hulud-postmortem.md
[uncategorized] ~42-~42: The official name of this software platform is spelled with a capital “H”.
Context: ...yncapi-previewextension, which had annpm install github:asyncapi/cli#2efa4dff59bc3d3cecdf897ccf...
(GITHUB)
[grammar] ~99-~99: Use a hyphen to join words.
Context: ...of failure. - Token rotation and limited scope tokens should be enforced. Our cur...
(QB_NEW_EN_HYPHEN)
🪛 markdownlint-cli2 (0.18.1)
markdown/blog/shai-hulud-postmortem.md
22-22: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
23-23: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
24-24: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
25-25: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
26-26: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
27-27: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
28-28: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
29-29: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
30-30: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
31-31: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
32-32: Unordered list indentation
Expected: 0; Actual: 2
(MD007, ul-indent)
44-44: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🔇 Additional comments (3)
markdown/blog/shai-hulud-postmortem.md (3)
1-16: Frontmatter is properly structured.The metadata formatting looks good with valid YAML, all required fields, and proper author attribution.
82-90: User remediation guidance is clear and actionable.The affected user section provides straightforward, practical steps with proper formatting and helpful references.
103-103: Contact information is properly formatted.The security contact email at the end provides a clear way for readers to reach out with questions or concerns.
Signed-off-by: Shurtu-gal <ashishpadhy1729@gmail.com>
Contributor
Author
This test fails intermittently: https://github.com/asyncapi/website/blob/master/tests/index.test.ts#L42 |
thulieblack
approved these changes
Nov 25, 2025
derberg
approved these changes
Nov 26, 2025
derberg
approved these changes
Nov 26, 2025
Member
|
/rtm |
princerajpoot20
added a commit
to princerajpoot20/website
that referenced
this pull request
Dec 30, 2025
commit 785c358 Author: Abhishek <abhiifour@gmail.com> Date: Fri Dec 26 18:24:01 2025 +0530 fix: horizontal scrollbar appearing in Tools flyout menu (asyncapi#4653) Co-authored-by: abhi <abhiifour@gmail.com> Co-authored-by: Prince Rajpoot <prince.rajpoot.20@gmail.com> commit 6521774 Author: DuskWarden <pawar96sameer@gmail.com> Date: Fri Dec 26 12:38:06 2025 +0530 fix: remove deprecated AddThis script and styles (asyncapi#4781) Co-authored-by: DuskWarden <pawar96sameer@gmail.com> commit a2fae36 Author: Chan <bot+chan@asyncapi.io> Date: Thu Dec 25 01:45:34 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4772) commit e917b0d Author: Chan <bot+chan@asyncapi.io> Date: Tue Dec 23 14:23:54 2025 +0100 docs(generator): update latest generator documentation (asyncapi#4719) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> Co-authored-by: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> commit ced4c27 Author: Chan <bot+chan@asyncapi.io> Date: Tue Dec 23 14:16:40 2025 +0100 docs(generator): update latest generator documentation (asyncapi#4718) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 6676a43 Author: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> Date: Tue Dec 23 15:02:03 2025 +0200 chore(blog): add last summary (asyncapi#4699) Co-authored-by: thulieblack <sibanda.thulie@gmail.com> Co-authored-by: Ansh Goyal <anshgoyal1704@gmail.com> Co-authored-by: Lukasz Gornicki <lpgornicki@gmail.com> commit 65c10bb Author: Vishvamsinh Vaghela <90895835+vishvamsinh28@users.noreply.github.com> Date: Mon Dec 22 10:19:06 2025 +0530 feat: replace bitly urls with netlify redirect (asyncapi#4647) Co-authored-by: Vishvamsinh Vaghela <vaghelavishvamsinh11111@gmail.com> Co-authored-by: Prince Rajpoot <prince.rajpoot.20@gmail.com> Co-authored-by: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> Co-authored-by: Ansh Goyal <anshgoyal1704@gmail.com> commit f604d92 Author: Chan <bot+chan@asyncapi.io> Date: Mon Dec 22 01:47:53 2025 +0100 chore: update tools.json (asyncapi#4754) commit 624747e Author: DuskWarden <pawar96sameer@gmail.com> Date: Sun Dec 21 22:35:40 2025 +0530 fix: prevent background scroll when roadmap modal is open (asyncapi#4710) Co-authored-by: DuskWarden <pawar96sameer@gmail.com> Co-authored-by: Ansh Goyal <anshgoyal1704@gmail.com> commit 52eca18 Author: Shriya Chauhan <78415084+Shriya-Chauhan@users.noreply.github.com> Date: Sun Dec 21 21:59:40 2025 +0530 fix: fixes the failing CI/CD test in .github/workflows/if-nodejs-pr-testing.yml across all platforms (asyncapi#4735) Co-authored-by: Shriya-Chauhan <auroralflower@gmail.com> Co-authored-by: Ansh Goyal <anshgoyal1704@gmail.com> commit 3a1ca24 Author: Chan <bot+chan@asyncapi.io> Date: Fri Dec 19 01:45:53 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4742) commit 98637a0 Author: Chan <bot+chan@asyncapi.io> Date: Thu Dec 18 17:58:38 2025 +0100 docs(community): update latest community documentation (asyncapi#4733) commit a293c4f Author: Ashmit JaiSarita Gupta <43639341+devilkiller-ag@users.noreply.github.com> Date: Thu Dec 18 18:51:08 2025 +0530 feat: updated filters dropdown and created stories for it (asyncapi#3174) Co-authored-by: devilkiller-ag <ashmitgupta.official@gmail.com> Co-authored-by: asyncapi-bot <bot+chan@asyncapi.io> Co-authored-by: Rohit <108233235+TRohit20@users.noreply.github.com> Co-authored-by: Ansh Goyal <anshgoyal1704@gmail.com> Co-authored-by: Miles Porter <milesxporter@gmail.com> commit 1a97aff Author: Chan <bot+chan@asyncapi.io> Date: Thu Dec 18 10:23:59 2025 +0100 docs(community): update latest community documentation (asyncapi#4731) commit bc768aa Author: Chan <bot+chan@asyncapi.io> Date: Thu Dec 18 10:23:57 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4721) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 25a3892 Author: Chan <bot+chan@asyncapi.io> Date: Thu Dec 18 01:44:36 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4730) commit b927d5d Author: Chan <bot+chan@asyncapi.io> Date: Wed Dec 17 17:05:08 2025 +0100 docs(cli): update latest cli documentation (asyncapi#4728) commit 83e282a Author: Chan <bot+chan@asyncapi.io> Date: Tue Dec 16 06:03:54 2025 +0100 chore: update tools.json (asyncapi#4715) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 3c04219 Author: Chan <bot+chan@asyncapi.io> Date: Mon Dec 15 18:53:51 2025 +0100 docs(community): update latest community documentation (asyncapi#4716) commit 3d2ec88 Author: DuskWarden <pawar96sameer@gmail.com> Date: Mon Dec 15 09:46:16 2025 +0530 docs: fix broken community repository links (asyncapi#4600) Co-authored-by: DuskWarden <pawar96sameer@gmail.com> Co-authored-by: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> Co-authored-by: Chan <bot+chan@asyncapi.io> Co-authored-by: Prince Rajpoot <prince.rajpoot.20@gmail.com> commit 9c3dcd6 Author: Chan <bot+chan@asyncapi.io> Date: Sat Dec 13 01:45:08 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4707) commit eeed68c Author: Chan <bot+chan@asyncapi.io> Date: Fri Dec 12 01:45:00 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4696) commit 1e63086 Author: Chan <bot+chan@asyncapi.io> Date: Mon Dec 8 01:47:51 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4695) commit f6d7df5 Author: Chan <bot+chan@asyncapi.io> Date: Mon Dec 8 01:47:46 2025 +0100 chore: update tools.json (asyncapi#4692) commit 0dafc8b Author: Souryavardhan singh <144201791+Sourya07@users.noreply.github.com> Date: Sun Dec 7 17:17:33 2025 +0530 fix: ensure unique TOC slugs for repeated headings(Examples) (asyncapi#4593) Co-authored-by: Sourya07 <singhsourya137@gmail.com> Co-authored-by: Sambhav Gupta <81870866+sambhavgupta0705@users.noreply.github.com> commit a056c20 Author: Varshitha Besthavemula <152318309+batchu5@users.noreply.github.com> Date: Sun Dec 7 13:47:47 2025 +0530 chore: add php, laravel and symphony in tage-color.ts (asyncapi#4667) Co-authored-by: Varshitha Besthavemula <varshithabesthavemula@gmail.com> commit a677dc6 Author: Chan <bot+chan@asyncapi.io> Date: Fri Dec 5 17:52:47 2025 +0100 docs(community): update latest Board and TSC members list (asyncapi#4665) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 4d06094 Author: Chan <bot+chan@asyncapi.io> Date: Fri Dec 5 17:38:09 2025 +0100 docs(generator): update latest generator documentation (asyncapi#4623) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 127ac98 Author: Chan <bot+chan@asyncapi.io> Date: Fri Dec 5 17:23:49 2025 +0100 ci: update of files from global .github repo (asyncapi#4612) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 56d5d41 Author: Chan <bot+chan@asyncapi.io> Date: Fri Dec 5 17:15:48 2025 +0100 docs(community): update latest maintainers list (asyncapi#4666) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 3647eaa Author: Chan <bot+chan@asyncapi.io> Date: Fri Dec 5 17:05:44 2025 +0100 docs(community): update latest Board and TSC members list (asyncapi#4679) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 962820d Author: Chan <bot+chan@asyncapi.io> Date: Fri Dec 5 16:58:33 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4633) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 7ad740c Author: Chan <bot+chan@asyncapi.io> Date: Fri Dec 5 16:20:16 2025 +0100 docs(community): update latest maintainers list (asyncapi#4678) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 222a622 Author: Chan <bot+chan@asyncapi.io> Date: Fri Dec 5 16:06:31 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4660) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit fea45f1 Author: Prince Rajpoot <prince.rajpoot.20@gmail.com> Date: Fri Dec 5 19:55:54 2025 +0530 chore: add Prince Rajpoot as codeowner (asyncapi#4628) commit 3fc64a4 Author: Chan <bot+chan@asyncapi.io> Date: Mon Dec 1 01:52:20 2025 +0100 chore: update tools.json (asyncapi#4654) commit 5f83885 Author: Chan <bot+chan@asyncapi.io> Date: Sun Nov 30 11:11:37 2025 +0100 docs(community): update latest Board and TSC members list (asyncapi#4651) commit fea633b Author: Chan <bot+chan@asyncapi.io> Date: Sun Nov 30 11:11:35 2025 +0100 docs(community): update latest maintainers list (asyncapi#4650) commit 4094d22 Author: Chan <bot+chan@asyncapi.io> Date: Wed Nov 26 11:24:47 2025 +0100 docs(generator): update latest generator documentation (asyncapi#4622) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit ad3d012 Author: Chan <bot+chan@asyncapi.io> Date: Wed Nov 26 11:00:29 2025 +0100 docs(community): update latest maintainers list (asyncapi#4626) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 40b340f Author: Chan <bot+chan@asyncapi.io> Date: Wed Nov 26 09:58:18 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4637) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 0291d0b Author: Ashish Padhy <ashishpadhy1729@gmail.com> Date: Wed Nov 26 14:18:37 2025 +0530 chore(blog): publish postmortem on recent security breach (asyncapi#4640) Co-authored-by: Shurtu-gal <ashishpadhy1729@gmail.com> Co-authored-by: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> commit ddc2d87 Author: Chan <bot+chan@asyncapi.io> Date: Tue Nov 25 01:41:32 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4641) commit 7accc24 Author: Chan <bot+chan@asyncapi.io> Date: Mon Nov 24 01:46:56 2025 +0100 chore: update tools.json (asyncapi#4639) commit 33db13d Author: Chan <bot+chan@asyncapi.io> Date: Sat Nov 22 01:41:38 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4635) commit d39efdf Author: Chan <bot+chan@asyncapi.io> Date: Fri Nov 21 13:56:32 2025 +0100 docs(community): update latest maintainers list (asyncapi#4620) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 85ce754 Author: Chan <bot+chan@asyncapi.io> Date: Thu Nov 20 01:42:28 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4630) commit d9e34fc Author: Prince Rajpoot <prince.rajpoot.20@gmail.com> Date: Wed Nov 19 21:24:10 2025 +0530 migrate macOS version to macos-latest (asyncapi#4625) commit e63c6c3 Author: Chan <bot+chan@asyncapi.io> Date: Tue Nov 18 08:19:29 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4610) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit d861164 Author: Chan <bot+chan@asyncapi.io> Date: Tue Nov 18 07:42:50 2025 +0100 docs(generator): update latest generator documentation (asyncapi#4611) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 47a9d92 Author: Chan <bot+chan@asyncapi.io> Date: Tue Nov 18 01:42:54 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4618) commit 7d42caf Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon Nov 17 18:00:11 2025 +0100 chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 (asyncapi#4616) commit f0127ac Author: Chan <bot+chan@asyncapi.io> Date: Mon Nov 17 09:19:31 2025 +0100 docs(community): update latest maintainers list (asyncapi#4606) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit dbad9ab Author: Pottabathini Vivekananda <145771776+nandu-99@users.noreply.github.com> Date: Mon Nov 17 13:22:45 2025 +0530 chore: update Slack invite link (asyncapi#4597) Co-authored-by: Pottabathini Vivekananda <vivekananda.99666@gmail.com> Co-authored-by: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> commit 14f2093 Author: Chan <bot+chan@asyncapi.io> Date: Mon Nov 17 01:44:37 2025 +0100 chore: update tools.json (asyncapi#4609) commit 0e9faba Author: Chan <bot+chan@asyncapi.io> Date: Sun Nov 16 17:19:09 2025 +0100 docs(community): update latest Board and TSC members list (asyncapi#4607) commit bd8cd1d Author: Chan <bot+chan@asyncapi.io> Date: Sun Nov 16 17:06:18 2025 +0100 docs(community): update latest maintainers list (asyncapi#4605) commit ace905f Author: Chan <bot+chan@asyncapi.io> Date: Sun Nov 16 16:55:27 2025 +0100 docs(community): update latest Board and TSC members list (asyncapi#4604) commit 964b958 Author: Chan <bot+chan@asyncapi.io> Date: Sun Nov 16 16:55:23 2025 +0100 docs(community): update latest maintainers list (asyncapi#4603) commit 085e697 Author: Anushka Sharan <111284729+anushkaaaaaaaa@users.noreply.github.com> Date: Sun Nov 16 12:52:19 2025 +0530 test: add e2e tests for docs and tools pages (asyncapi#4210) * test: add e2e tests for docs and tools pages * fix: minor fixes * test: update e2e test files * test: small changes * fix: small changes * minor change * minor chabge * feat: implement base classes in e2e tests * fix: enhance link verification methods * fix: update tools data import path in E2E tests * feat: add comprehensive tools data to toolsData.json * chore: format JSON structure in docsSections.json for consistency * chore: remove Glee section from docsSections.json * chore: update tools and docs navigation methods in HomePage class * refactor: replace verifyConceptSection with goToConceptsSection for consistency * refactor: enhance page verification methods in ToolsPage * refactor: update documentation links and headings in docsSections.json * refactor: improve link verification logic in ToolsPage * Add newline at end of meetings.json Fix missing newline at end of meetings.json file. * Fix JSON formatting in newsroom_videos.json * chore: add newline at the end of BasePageTools.js * docs: add Community Travel Funding guidelines * docs: update links to AsyncAPI tool documentation * docs: add manual tools building functionality and related tests * remve line * add line * smhtg --------- Co-authored-by: Sambhav Gupta <81870866+sambhavgupta0705@users.noreply.github.com> Co-authored-by: Rohit <108233235+TRohit20@users.noreply.github.com> commit b9c3673 Author: Chan <bot+chan@asyncapi.io> Date: Sun Nov 16 07:06:09 2025 +0100 chore: update tools.json (asyncapi#4562) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit fe60602 Author: Chan <bot+chan@asyncapi.io> Date: Sun Nov 16 01:45:57 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4596) commit 9a53cfa Author: DuskWarden <pawar96sameer@gmail.com> Date: Sat Nov 15 19:58:09 2025 +0530 docs: fix broken git-workflow.md links across repository (asyncapi#4585) * docs: fix broken git-workflow.md links Updated links to point to new location after community repo restructuring * revert: remove workflow file change as it is centrally managed --------- Co-authored-by: Chan <bot+chan@asyncapi.io> commit 5bfca09 Author: Chan <bot+chan@asyncapi.io> Date: Sat Nov 15 01:43:23 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4590) commit b87dd1b Author: Chan <bot+chan@asyncapi.io> Date: Fri Nov 14 01:45:37 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4584) commit 8cba652 Author: Chan <bot+chan@asyncapi.io> Date: Thu Nov 13 01:44:26 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4581) commit 722963b Author: Souryavardhan singh <144201791+Sourya07@users.noreply.github.com> Date: Wed Nov 12 21:09:00 2025 +0530 docs: broken link to new-tool-documentation.md in Tools documentation (asyncapi#4542) Co-authored-by: Sourya07 <singhsourya137@gmail.com> Co-authored-by: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> commit 4d0d969 Author: Chan <bot+chan@asyncapi.io> Date: Wed Nov 12 07:32:39 2025 +0100 docs(community): update latest community documentation (asyncapi#4574) commit 6aaecb1 Author: Chan <bot+chan@asyncapi.io> Date: Wed Nov 12 01:43:52 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4573) commit 406151e Author: Chan <bot+chan@asyncapi.io> Date: Tue Nov 11 01:44:03 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4568) commit be72df8 Author: Chan <bot+chan@asyncapi.io> Date: Mon Nov 10 01:47:43 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4563) commit cecd342 Author: Prince Rajpoot <prince.rajpoot.20@gmail.com> Date: Sun Nov 9 13:14:15 2025 +0530 feat: enable tools view regeneration at build time (asyncapi#4511) * Add support for tools view regeneration at PR level for manual tools * minor formatting change * minor improvement * minor change * Added test cases * minor improvement * added more assertions commit 445e7c1 Author: Anushka Sharan <111284729+anushkaaaaaaaa@users.noreply.github.com> Date: Fri Nov 7 21:58:31 2025 +0530 test: add E2E tests for home page, header and footer components (asyncapi#4194) * feat: add cypress for e2e testing * feat: add cypress for e2e testing * feat: demo cypress test * feat: header e2e tests * feat: footer e2e tests * feat: add e2e tests for homepage (and other regarding pages) * test: add test for docs button * fix: minor e2e tests fixes * ci: add e2e tests workflow * fix: e2e tests fix * fix: minor fixes * ci: minor fix * fix: minor fix * fix: another fix * ci: another minor fix * fix: final fix * fix: failing test fix * test: update tests to get rid of hardcoded links * fix: replace direct Cypress commands with homePage methods * ci: minor fix * fix: minor fix * ci: minor fix * ci: update dependencies * fix: small change * test: remove files from tsconfig * feat: implement base classes for each test file * fix: small change * fix: small change * fix: changes * feat: add centralized footer data and update footer validation tests * small change in footer.cy.js * refactor: simplify visit method in BasePage class * fix: correct import path for footer data in footer tests * refactor: fix lint issues in ToolsCard and ToolsDashboard components * refactor: revert changes in ToolsCard and ToolsDashboard components * small change * small change * fix(footer): update email contact in news links --------- Co-authored-by: Sambhav Gupta <81870866+sambhavgupta0705@users.noreply.github.com> Co-authored-by: Rohit <108233235+TRohit20@users.noreply.github.com> Co-authored-by: Ansh Goyal <anshgoyal1704@gmail.com> commit 167fbb9 Author: Chan <bot+chan@asyncapi.io> Date: Fri Nov 7 01:45:16 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4554) commit b5a86b7 Author: Chan <bot+chan@asyncapi.io> Date: Thu Nov 6 01:42:44 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4541) commit 4c5ecac Author: Chan <bot+chan@asyncapi.io> Date: Wed Nov 5 11:41:23 2025 +0100 docs(community): update latest community documentation (asyncapi#4539) commit 8688dc0 Author: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> Date: Wed Nov 5 11:22:05 2025 +0200 chore(blog): add October community summary (asyncapi#4512) Co-authored-by: thulieblack <sibanda.thulie@gmail.com> commit b4bdd8b Author: Chan <bot+chan@asyncapi.io> Date: Tue Nov 4 11:38:41 2025 +0100 docs(community): update latest Board and TSC members list (asyncapi#4532) commit 11414cc Author: Chan <bot+chan@asyncapi.io> Date: Tue Nov 4 11:38:37 2025 +0100 docs(community): update latest maintainers list (asyncapi#4531) commit 005177e Author: Chan <bot+chan@asyncapi.io> Date: Tue Nov 4 01:42:03 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4528) commit 9611f42 Author: Chan <bot+chan@asyncapi.io> Date: Mon Nov 3 01:46:28 2025 +0100 chore: update tools.json (asyncapi#4525) commit 053e5a6 Author: Chan <bot+chan@asyncapi.io> Date: Thu Oct 30 01:43:09 2025 +0100 chore: update meetings.json and newsrooom_videos.json (asyncapi#4516) commit 04921b1 Author: Lukasz Gornicki <lpgornicki@gmail.com> Date: Tue Oct 28 15:36:16 2025 +0100 chore: add content with case studies (asyncapi#4486) Co-authored-by: Lukasz Gornicki <lpgornicki@gmail.com> Co-authored-by: Ansh Goyal <anshgoyal1704@gmail.com> commit 6287929 Author: Chan <bot+chan@asyncapi.io> Date: Mon Oct 27 10:52:50 2025 +0100 docs(cli): update latest cli documentation (asyncapi#4510) commit e398ae7 Author: Chan <bot+chan@asyncapi.io> Date: Mon Oct 27 09:39:38 2025 +0100 ci: update LICENSE and NOTICE files from global .github repo (asyncapi#4509) commit 4788d4b Author: Chan <bot+chan@asyncapi.io> Date: Mon Oct 27 01:45:31 2025 +0100 chore: update tools.json (asyncapi#4508) commit d3c31cc Author: Chan <bot+chan@asyncapi.io> Date: Fri Oct 24 13:07:33 2025 +0200 docs(cli): update latest cli documentation (asyncapi#4504) commit a57da1f Author: Chan <bot+chan@asyncapi.io> Date: Fri Oct 24 02:40:29 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4502) commit 304d2ae Author: Chan <bot+chan@asyncapi.io> Date: Wed Oct 22 02:42:59 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4497) commit 6c974fc Author: Chan <bot+chan@asyncapi.io> Date: Tue Oct 21 13:26:10 2025 +0200 docs(community): update latest community documentation (asyncapi#4493) Co-authored-by: asyncapi-bot <info@asyncapi.io> commit b1787a0 Author: Chan <bot+chan@asyncapi.io> Date: Tue Oct 21 02:41:49 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4492) commit 5733a74 Author: Chan <bot+chan@asyncapi.io> Date: Mon Oct 20 02:45:33 2025 +0200 chore: update tools.json (asyncapi#4490) commit 841a1d3 Author: Chan <bot+chan@asyncapi.io> Date: Fri Oct 17 06:12:55 2025 +0200 ci: update of files from global .github repo (asyncapi#4475) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit db754f6 Author: Chan <bot+chan@asyncapi.io> Date: Fri Oct 17 02:41:45 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4487) commit 9de49c1 Author: Chan <bot+chan@asyncapi.io> Date: Thu Oct 16 02:41:23 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4483) commit 6757477 Author: Chan <bot+chan@asyncapi.io> Date: Wed Oct 15 10:07:12 2025 +0200 docs(community): update latest tsc members list (asyncapi#4479) commit 568740e Author: Chan <bot+chan@asyncapi.io> Date: Wed Oct 15 02:42:05 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4477) commit f33b0de Author: Chan <bot+chan@asyncapi.io> Date: Tue Oct 14 16:34:12 2025 +0200 docs(community): update latest Board and TSC members list (asyncapi#4472) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 6a18edf Author: Sarthak Karode <sarthakkarodework@gmail.com> Date: Tue Oct 14 19:57:20 2025 +0530 docs: remove glee folder and update introduction-to-glee-a-spec-first-framework.md (asyncapi#4358) Co-authored-by: sarthakKarode <sarthakkarode@gmail.com> Co-authored-by: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> commit b215375 Author: Zbigniew Malcherczyk <zmalcherczyk@gmail.com> Date: Tue Oct 14 14:29:44 2025 +0200 chore(blog): add TransferGo <> AsyncAPI Blog Post (asyncapi#4434) Co-authored-by: Ferror <zmalcherczyk@gmail.com> Co-authored-by: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> Co-authored-by: Lukasz Gornicki <lpgornicki@gmail.com> commit 7480244 Author: Chan <bot+chan@asyncapi.io> Date: Tue Oct 14 14:18:15 2025 +0200 docs(community): update latest community documentation (asyncapi#4474) commit 7058fd5 Author: Chan <bot+chan@asyncapi.io> Date: Tue Oct 14 09:40:10 2025 +0200 docs(community): update latest maintainers list (asyncapi#4471) commit e18da3b Author: Chan <bot+chan@asyncapi.io> Date: Tue Oct 14 08:42:29 2025 +0200 docs(community): update latest maintainers list (asyncapi#4470) commit ac7e38b Author: Chan <bot+chan@asyncapi.io> Date: Mon Oct 13 18:04:36 2025 +0200 docs(community): update latest Board members list (asyncapi#4469) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 1e3e8e8 Author: Chan <bot+chan@asyncapi.io> Date: Mon Oct 13 14:51:16 2025 +0200 docs(community): update latest tsc members list (asyncapi#4468) commit 8560539 Author: Chan <bot+chan@asyncapi.io> Date: Mon Oct 13 02:43:38 2025 +0200 chore: update tools.json (asyncapi#4467) commit 4fd7abd Author: Chan <bot+chan@asyncapi.io> Date: Sun Oct 12 02:42:39 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4465) commit 19e3c34 Author: Chan <bot+chan@asyncapi.io> Date: Fri Oct 10 18:11:58 2025 +0200 docs(community): update latest community documentation (asyncapi#4462) commit 4b2284c Author: Chan <bot+chan@asyncapi.io> Date: Fri Oct 10 02:42:27 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4461) commit 7affdb1 Author: Pastukhov Nikita <diementros@yandex.ru> Date: Fri Oct 10 02:45:03 2025 +0300 docs: fix FastStream tools dead links (asyncapi#4458) * docs: update FastStream tools link * docs: update FastStream tools links * chore: remove empty line * Update tools.json * Update tools-manual.json --------- Co-authored-by: Sambhav Gupta <81870866+sambhavgupta0705@users.noreply.github.com> commit 55d08d5 Author: Chan <bot+chan@asyncapi.io> Date: Mon Oct 6 02:41:28 2025 +0200 chore: update tools.json (asyncapi#4459) commit 3b4454f Author: V Thulisile Sibanda <66913810+thulieblack@users.noreply.github.com> Date: Fri Oct 3 11:45:21 2025 +0200 chore(blog): add the september summary (asyncapi#4438) Co-authored-by: thulieblack <sibanda.thulie@gmail.com> commit 2e4022c Author: Chan <bot+chan@asyncapi.io> Date: Fri Oct 3 02:39:43 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4449) commit bfda003 Author: Chan <bot+chan@asyncapi.io> Date: Thu Oct 2 17:10:30 2025 +0200 docs(community): update latest community documentation (asyncapi#4444) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit dc85424 Author: Fran Méndez <fmvilas@gmail.com> Date: Thu Oct 2 16:43:56 2025 +0200 chore: replace press email with info email address (asyncapi#4443) Co-authored-by: Fran Méndez <fmvilas@gmail.com> Co-authored-by: Sambhav Gupta <81870866+sambhavgupta0705@users.noreply.github.com> commit 75cd925 Author: Chan <bot+chan@asyncapi.io> Date: Thu Oct 2 02:42:15 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4442) commit 960a6b5 Author: Chan <bot+chan@asyncapi.io> Date: Wed Oct 1 21:38:20 2025 +0200 chore: update meetings.json, newsrooom_videos.json and dashboard.json (asyncapi#4426) Co-authored-by: asyncapi-bot <info@asyncapi.io> Co-authored-by: Eve <bot+eve@asyncapi.io> commit 4234dda Author: Chan <bot+chan@asyncapi.io> Date: Wed Oct 1 02:46:05 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4441) commit d4a1175 Author: Chan <bot+chan@asyncapi.io> Date: Tue Sep 30 02:43:19 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4440) commit 231498d Author: Chan <bot+chan@asyncapi.io> Date: Mon Sep 29 02:42:47 2025 +0200 chore: update tools.json (asyncapi#4439) commit 42eac67 Author: Chan <bot+chan@asyncapi.io> Date: Sun Sep 28 02:43:54 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4437) commit 0be788f Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri Sep 26 21:58:26 2025 +0200 chore(deps): bump tar-fs (asyncapi#4436) commit c19543b Author: Chan <bot+chan@asyncapi.io> Date: Fri Sep 26 02:39:08 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4435) commit 9a8c037 Author: Chan <bot+chan@asyncapi.io> Date: Thu Sep 25 12:54:38 2025 +0200 docs(community): update latest community documentation (asyncapi#4432) commit 54b7241 Author: Zbigniew Malcherczyk <zmalcherczyk@gmail.com> Date: Thu Sep 25 09:55:27 2025 +0200 chore: initial TransferGo CaseStudy (asyncapi#4409) Co-authored-by: Ferror <zmalcherczyk@gmail.com> Co-authored-by: Lukasz Gornicki <lpgornicki@gmail.com> commit 78769a8 Author: Chan <bot+chan@asyncapi.io> Date: Wed Sep 24 02:40:34 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4431) commit 1ac8db4 Author: Chan <bot+chan@asyncapi.io> Date: Tue Sep 23 02:40:29 2025 +0200 chore: update meetings.json and newsrooom_videos.json (asyncapi#4430) commit 9791f0d Author: Chan <bot+chan@asyncapi.io> Date: Mon Sep 22 02:43:56 2025 +0200 chore: update tools.json (asyncapi#4429)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Related issue(s)
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.