CISA is releasing this alert to provide guidance in response to a widespread software supply chain compromise involving the world’s largest JavaScript registry, npmjs.com.

A self-replicating worm—publicly known as “Shai-Hulud”—has compromised over 500 packages.

https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem

Does the vulnerability described in the link impact SiteMinder components?

CA Siteminder: ALL versions

SiteMinder does not ship NPM (node package manager) within the components. Hence package-lock.json and yarn.lock files are not shipped along with SiteMinder.

Therefore the reported issue is not applicable to any components of SiteMinder of all versions.