- More than 600 malicious npm packages were published in a coordinated supply chain attack linked to TeamPCP’s Shai-Hulud campaign
- The attackers compromised ecosystems including TanStack, Mistral, and antv, and introduced infostealers and persistence mechanisms into developer environments
- Developers are advised to roll back to secure versions released before May 18 and rotate any exposed credentials
Cybercriminals released more than 600 malicious packages to the npm registry in a coordinated software supply chain attack linked to the Shai-Hulud campaign.
Several security organizations, including Socket, confirmed that on May 19, 2026, in the space of about an hour, the attackers published 639 versions of 323 unique packages to npm. The targets were software developers, open source maintainers, organizations running CI/CD pipelines, and anyone else who downloaded or depended on the compromised packages.
Shai-Hulud is a malware campaign carried out by a threat actor known as TeamPCP. By stealing login credentials and access tokens, the criminals gain access to legitimate packages and update them to push infostealer malware, grab credentials, and compromise CI/CD environments.
High downstream risk
The total number of npm packages TeamPCP has compromised is still unknown, but at least some of them belong to the TanStack and Mistral ecosystems, and OpenAI is among the companies that have confirmed exposure as a result of the Shai-Hulud campaign.
In the latest attack, the threat actors targeted the antv ecosystem; afterwards, thousands of GitHub repositories were automatically created using stolen credentials. The campaign also introduced spoofed package origin signatures and new persistence mechanisms aimed at VS Code and Claude Code environments.
The report does not say how many times the malicious package versions were actually downloaded, but it does point to the normal popularity of some of the affected packages. The jest-canvas-mock package, for example, sees around 10 million downloads a month, which suggests the pool of potentially affected downstream projects is very large.
Security researchers stressed that the full impact of the campaign is not yet known, mainly because the number of downstream infections is unknown. Supply chain attacks of this kind are particularly dangerous because a single compromised maintainer account can reach thousands of projects through automated dependency updates.
Developers who pulled any of the affected packages should remove them or roll back to versions published before May 18, and rotate any credentials that may have been exposed, such as npm and GitHub access tokens and CI/CD secrets.
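As an added example (not code from the article, Socket, or any of the projects named above), the following Node script audits a package-lock.json against npm's per-version publish timestamps: it reports every installed version published on or after a cutoff date, flags versions with no known publish time, and suggests the newest version published before the cutoff as a rollback target. The lockfile and registry timestamps embedded here are constructed for the demo and describe no real release; in practice the timestamps come from `npm view <pkg> time --json`, and the package names and cutoff are assumptions for illustration.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3) for versions
// published on or after a cutoff date. Not the article's or any project's code.
// The cutoff mirrors the article's advice to use versions from before May 18.
const CUTOFF = "2026-05-18T00:00:00Z";

// CONSTRUCTED package-lock.json excerpt (assumed package names and versions).
const lockfile = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/jest-canvas-mock": { version: "2.5.3" },
    "node_modules/@antv/g2": { version: "5.2.1" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/@antv/g2/node_modules/left-pad": { version: "1.3.1" },
  },
};

// CONSTRUCTED registry "time" maps, in the shape `npm view <pkg> time --json`
// returns: version -> ISO publish time, plus "created" and "modified" keys.
// Real metadata would be fetched per package; none of these dates are real.
const registryTimes = {
  "jest-canvas-mock": {
    created: "2018-05-01T10:00:00.000Z",
    modified: "2026-05-19T14:12:00.000Z",
    "2.5.2": "2024-01-10T09:00:00.000Z",
    "2.5.3": "2026-05-19T14:12:00.000Z",
  },
  "@antv/g2": {
    created: "2017-06-20T08:00:00.000Z",
    modified: "2026-05-18T23:30:00.000Z",
    "5.2.0": "2025-03-04T10:00:00.000Z",
    "5.2.1": "2026-05-18T23:30:00.000Z",
  },
  "left-pad": {
    created: "2014-03-11T12:00:00.000Z",
    modified: "2018-04-02T11:00:00.000Z",
    "1.3.0": "2018-04-02T11:00:00.000Z",
    // 1.3.1 deliberately absent: an unknown publish time must be flagged too
  },
};

// Lockfile keys look like "node_modules/a/node_modules/@scope/b"; the package
// name is whatever follows the last "node_modules/" (scoped names included).
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

// Newest version of one package whose publish time is strictly before cutoff,
// or null if there is none. Used as the rollback candidate.
function lastVersionBefore(times, cutoff) {
  const cutoffMs = Date.parse(cutoff);
  let best = null;
  for (const [version, when] of Object.entries(times || {})) {
    if (version === "created" || version === "modified") continue;
    const ms = Date.parse(when);
    if (ms < cutoffMs && (best === null || ms > best.ms)) best = { version, ms };
  }
  return best ? best.version : null;
}

// Walk every installed package and return the ones that need attention.
// Conservative by design: a version with no registry publish time is flagged.
function findSuspectVersions(lock, times, cutoff) {
  if (!lock.packages) throw new Error("expected lockfileVersion 2 or 3 ('packages' key)");
  const cutoffMs = Date.parse(cutoff);
  const suspects = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    if (key === "") continue; // root project entry
    const name = packageNameFromKey(key);
    if (!name) continue;
    const published = times[name] && times[name][entry.version];
    if (published === undefined) {
      suspects.push({ path: key, name, version: entry.version,
        reason: "no registry publish time available", rollbackTo: lastVersionBefore(times[name], cutoff) });
    } else if (Date.parse(published) >= cutoffMs) {
      suspects.push({ path: key, name, version: entry.version,
        reason: `published ${published}`, rollbackTo: lastVersionBefore(times[name], cutoff) });
    }
  }
  return suspects;
}

for (const s of findSuspectVersions(lockfile, registryTimes, CUTOFF)) {
  console.log(`${s.path}: ${s.name}@${s.version} (${s.reason}); candidate rollback: ${s.rollbackTo ?? "none"}`);
}
```

To run this against a real project, replace the embedded `lockfile` with `JSON.parse(fs.readFileSync("package-lock.json"))` and fill `registryTimes` from `npm view <pkg> time --json` for each package name the walk produces; treating a missing timestamp as suspect rather than clean is deliberate, since an unpublished or yanked version is exactly what you want a human to look at.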
Via Bleeping Computer