Mini Shai-Halud hackers publish over 600 compromised npm packages — developers warned to be on their guard

News
By published

The Shai-Hulud campaign continues, now affecting hundreds of new packages

  • More than 600 malicious npm packages were published in a coordinated supply‑chain attack linked to TeamPCP’s Shai‑Hulud campaign
  • The attackers compromised ecosystems including TanStack, Mistral, and antv, introducing infostealers and persistence mechanisms in developer environments
  • Developers are advised to roll back to safe versions released before May 18 and rotate any exposed credentials

Cybercriminals published more than 600 malicious packages to the npm registry in a coordinated software supply-chain attack linked to the Shai-Hulud campaign.

Multiple security organizations, including Socket, confirmed that on May 19 2026, in just one hour, malicious actors managed to publish 639 versions of 323 unique packages on npm, targeting software developers, open-source maintainers, organizations running CI/CD pipelines, and everyone else who downloaded, or depends, on the compromised npm packages.

Shai-Hulud is a malware campaign conducted by a threat actor known as TeamPCP. By stealing login credentials and access tokens, the miscreants access legitimate packages and update them to push infostealer malware, grabbing credentials, and compromising CI/CD environments.

Latest Videos From

Major downstream risk

So far, TeamPCP compromised an undisclosed number of npm packages, but we know that at least some of them are from TanStack-related and Mistral-related ecosystems - with OpenAI one of the companies that confirmed suffering exposure as a result of the Shai-Hulud campaign.

In the latest attack, the threat actors targeted the antv ecosystem, into which thousands of GitHub repositories were later automatically created using stolen credentials. The campaign also introduced fake-looking package provenance signatures and new persistence mechanisms targeting VS Code and Claude Code environments.

The report does not say how many times the malicious package versions were actually downloaded, but it does stress the normal popularity of some affected packages. For example, the jest-canvas-mock package gets around 10 million monthly downloads, which suggests that the attack surface is extremely large.

Security researchers stressed that the full impact of the campaign is not yet known, mostly because we don’t know the number of downstream infections. However, supply-chain attacks like this one can be particularly dangerous, as just one compromised maintainer account can affect thousands of projects through automated package updates.

Developers who downloaded infected packages should remove or roll back to safe versions published before May 18, as well as rotate any potentially exposed credentials.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.