Welcome to the first minisode of Devolution where we dive into the devastating Shai-Hulud attack that shook the NPM ecosystem last year.

Nicky Pike breaks down how a self-replicating worm took control of over 25,000 GitHub repositories, exploiting a simple NPM command that every developer runs without thinking. From the rapid spread to its impact on household developer tools, this attack wasn’t just a breach, it was a full-blown software pandemic.

Listen in as we explore how this worm spread like wildfire, evaded detection, and the long-lasting implications it has on developer security. Get ready as we get into zero-day vulnerabilities and what we need to do to protect our development environments moving forward.

Don’t let the next Shai-Hulud catch you off guard.

In this episode, you’ll learn:

1. How Shai-Hulud started as a simple NPM command and evolved into a self-replicating worm.
2. Why big companies like PostHog and Trust Wallet were impacted despite having strong security measures, exposing critical vulnerabilities in their defenses.
3. What you can do next by rethinking your security models to protect against evolving threats like Shai-Hulud.

Episode highlights:
(00:00) 25,000 Repos in 72 Hours, What Happened?

(00:30) The First Self-Replicating NPM Worm

(01:00) Shai-Hulud 2.0 Goes Exponential

(02:00) How It Bypassed Security & Harvested Secrets

(03:00) 400K Secrets Exposed & the Trust Wallet Fallout

(04:15) Why Traditional Developer Security Failed

(05:00) What Teams Must Change Now

Resources:

• Widespread Supply Chain Compromise Impacting npm Ecosystem
• The Shai-Hulud 2.0 npm worm: analysis, and what you need to know
• Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets
• Post-mortem of Shai-Hulud attack on November 24th, 2025
• “Shai-Hulud” npm Attack: What You Need to Know
• Inside Shai-Hulud’s Maw: How The NPM Worm Exploits And Propagates

Marco Martinez went rogue and built a production-ready system with zero coding experience.

Six months ago, the only Python Marco knew was a really big snake. Now, as the Community Marketing Manager at Coder, he created a multi-agent system that monitors Discord, processes messages through Llama AI, and routes them to Slack for approval, then sends them back to Discord. And it’s heading to production.

In this episode, Marco shares how he solved a real business problem using AI and zero dev skills. He also shows us that vibe coding is the future and anyone can build software by simply tinkering with the right tools.

If you think you need to be a developer to build something impactful, this episode will show you how perfectly capable you are with the help of AI as a non-developer.

In this episode, you’ll learn:

1. Why non-developers should trust AI to handle the heavy lifting while they focus on solving problems
2. How embracing failure and iteration speeds up development and leads to better results
3. Why AI is a game-changer for anyone looking to create real solutions quickly

Things to listen for:

(00:00) Meet Marco Martinez

(02:48) Why Marco built the bot himself

(04:23) The problem with managing Discord messages

(08:39) How tinkering with AI led to development

(09:17) How AI democratizes software development

(12:30) Marco’s approach to vibe coding

(13:16) The rise of AI agents as partners

(14:41) Learning Git and the branching lesson

(19:15) Why PRDs made Marco’s workflow more efficient

(22:45) The power of PRDs for non-developers

(26:51) How AI sparked Marco’s interest in learning more tech

(30:45) How Marco chose Llama AI

(35:15) Moving from local development to cloud

(43:45) Marco’s plans to bring engineers for production

(46:52) Demonstrating the multi-agent system in action

(55:15) Using PRDs to speed up development

Resources:

Marco Martinez’s LinkedIn: https://www.linkedin.com/in/marcomartinez-marketingmanager/

Coder website: https://coder.com/

Caleb Washburn didn’t build his career on chasing shiny new tech.

From his years as an IT architect to his role as CTO and Founder at MomentumAI, Caleb’s focus has always been on solving real problems.

In this episode of [Dev]olution, Caleb challenges the current hype around Kubernetes, cloud costs, and AI tools, urging us to think beyond the latest trends.

With his extensive experience in enterprise solutions, Caleb dives deep into why many companies are getting burned by their cloud strategies and how they can build smarter, more scalable infrastructures. He explains that AI is really about finding the right solutions that actually support your business goals.

If you want to build a solid foundation for AI success, check out this episode.

In this episode, you’ll learn:

1. Why Kubernetes might not be the right tool for every enterprise
2. How to scale AI responsibly and avoid common infrastructure pitfalls
3. The importance of choosing the right technology for your company’s goals

Things to listen for:

(00:00) Meet Caleb Washburn

(02:10) Why Kubernetes might not be the right tool

(05:30) The real cost of cloud strategies and the danger of overspending

(09:45) Why AI isn't the magic solution it's cracked up to be

(13:15) How to evaluate the right tech for your business needs

(17:00) Avoiding the “shiny tool” trap in enterprise solutions

(21:10) Building smarter, scalable infrastructures for AI

(25:45) How AI can solve real problems, not just create more hype

(30:00) The importance of a solid foundation before scaling with AI

(35:30) Practical advice for developers working with AI tools

(40:00) Why cloud repatriation is happening and what it means for the future

(45:15) How enterprises can avoid common pitfalls when integrating AI

(50:00) Final thoughts: Navigating tech trends and focusing on outcomes

Resources:

Caleb Washburn’s LinkedIn: https://www.linkedin.com/in/calebwashburn/

MomentumAI website: https://www.momentumai.com/