Mini Shai-Hulud hackers publish over 600 compromised npm packages — developers warned to be on their guard

- More than 600 malicious npm packages were released in a coordinated supply chain attack linked to TeamPCP’s Shai-Hulud campaign.
- Attackers have compromised ecosystems such as TanStack, Mistral and antv, introducing information stealers and persistence mechanisms into development environments.
- Developers are advised to revert to secure versions released before May 18 and rotate any exposed credentials.
Cybercriminals published more than 600 malicious packages to the npm registry in a coordinated software supply chain attack linked to the Shai-Hulud campaign.
Multiple security organizations, including Socket, have confirmed that on May 19, 2026, in just one hour, malicious actors managed to release 639 versions of 323 unique packages to npm, targeting software developers, open source maintainers, organizations running CI/CD pipelines, and anyone who downloaded or depends on the compromised npm packages.
Shai-Hulud is a malware campaign led by a malicious actor known as TeamPCP. By stealing login credentials and access tokens, attackers access and update legitimate packages to distribute infostealer malware, harvest credentials, and compromise CI/CD environments.
Major downstream risk
So far, TeamPCP has compromised an undisclosed number of npm packages, but at least some of them are known to come from ecosystems linked to TanStack and Mistral; OpenAI is one of the companies confirmed to have been exposed as a result of the Shai-Hulud campaign.
In the latest attack, the threat actors targeted the antv ecosystem, and thousands of GitHub repositories were then automatically created using stolen credentials. The campaign also introduced fake package provenance signatures and new persistence mechanisms targeting VS Code and Claude Code environments.
The report does not specify how many times the malicious package versions were actually downloaded, but it highlights the typical popularity of some affected packages. For example, the jest-canvas-mock package is downloaded approximately 10 million times per month, suggesting that the attack surface is extremely large.
Security researchers stressed that the full impact of the campaign is not yet known, mainly because the number of downstream infections is unknown. However, supply chain attacks like this can be particularly dangerous because a single compromised maintainer account can affect thousands of projects via automated package updates.
Developers who downloaded infected packages should remove or revert to secure versions released before May 18, as well as rotate any potentially exposed credentials.
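One way to carry out that remediation step in a repeatable way is to compare the publish date of each installed version against the May 18 cutoff. The script below is an added example, not code from the article, Socket, or any of the affected projects: it reads the publish-time map in the shape returned by `npm view <package> time --json` and a lockfile in the `package-lock.json` v2/v3 layout, flags any installed version published on or after the cutoff, and picks the newest version published before it as the rollback target. The package name `example-pkg`, the version numbers and the timestamps are all constructed for the example; the date in `SAMPLE_TIMES` that falls inside the attack window is placed there deliberately to exercise the check.

```python
import json
from datetime import datetime, timezone

# Constructed sample of `npm view example-pkg time --json` output.
# "example-pkg" and every timestamp here are made up for this example.
SAMPLE_TIMES = {
    "created": "2020-01-10T12:00:00.000Z",
    "modified": "2026-05-19T10:30:00.000Z",
    "3.1.0": "2025-11-02T08:15:00.000Z",
    "3.1.1": "2026-02-14T09:00:00.000Z",
    "3.1.2": "2026-05-19T10:05:00.000Z",  # constructed: inside the attack window
    "3.1.3": "2026-05-19T10:30:00.000Z",  # constructed: inside the attack window
}

# Constructed package-lock.json (lockfileVersion 3 layout) for a demo app.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/example-pkg": {"version": "3.1.2"},
        "node_modules/other-pkg": {"version": "0.9.0"},
    },
}

# Versions published on or after this date are treated as suspect (article guidance).
CUTOFF = datetime(2026, 5, 18, tzinfo=timezone.utc)


def parse_time(stamp):
    """Parse an npm registry timestamp (ISO 8601 with trailing Z) to an aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def last_version_before(times, cutoff=CUTOFF):
    """Newest version whose publish time is strictly before the cutoff, or None."""
    safe = [
        (parse_time(stamp), version)
        for version, stamp in times.items()
        if version not in ("created", "modified") and parse_time(stamp) < cutoff
    ]
    if not safe:
        return None
    return max(safe)[1]  # tuple comparison orders by publish time


def package_name_from_path(path):
    """Turn a lockfile key like node_modules/a/node_modules/@s/b into @s/b."""
    return path.rsplit("node_modules/", 1)[1]


def flag_installed(lock, times_by_pkg, cutoff=CUTOFF):
    """Return (name, installed_version, published_at, rollback_version) for each
    installed package whose version was published on or after the cutoff.
    Packages with no publish-time map are skipped; fetch their map first."""
    flagged = []
    for path, entry in lock.get("packages", {}).items():
        if not path.startswith("node_modules/"):
            continue  # the "" key is the root project itself
        name = package_name_from_path(path)
        times = times_by_pkg.get(name)
        if times is None:
            continue
        version = entry.get("version")
        stamp = times.get(version)
        if stamp is None:
            continue  # version unknown to the registry map; investigate separately
        if parse_time(stamp) >= cutoff:
            flagged.append((name, version, stamp, last_version_before(times, cutoff)))
    return flagged


if __name__ == "__main__":
    for name, version, stamp, rollback in flag_installed(SAMPLE_LOCK, {"example-pkg": SAMPLE_TIMES}):
        print(f"{name}@{version} published {stamp}; revert to {name}@{rollback}")
```

To run this against a real project, replace `SAMPLE_LOCK` with the parsed contents of your `package-lock.json` and build `times_by_pkg` from `npm view <name> time --json` for each dependency; a version that is missing from the registry's time map is worth a look on its own, since it may have been removed after the incident.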
Via BleepingComputer
