TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages
The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. The attack was first detected by StepSecurity in official @tanstack packages and is spreading across the npm ecosystem in real time.
- Disclosed: May 12, 2026
- Last updated: June 7, 2026
- Blast radius: Multiple npm packages in the TanStack ecosystem and potentially spreading across npm
- Attack vectors: CI/CD pipeline hijacking and theft of developer credentials and secrets
- Threat actor: TeamPCP
- Affected entities: @tanstack (official TanStack npm packages compromised)
StepSecurity has detected an active supply chain attack using the Mini Shai-Hulud worm targeting the npm ecosystem. The malicious campaign compromises legitimate npm packages by hijacking their CI/CD pipelines and exfiltrating developer credentials and secrets.

The attack was first identified in official @tanstack packages. The worm appears to be self-spreading, capable of moving from one compromised package to others across the npm ecosystem.

StepSecurity's OSS Package Security Feed is actively tracking the spread of this attack in real time, indicating the incident remains ongoing with potential for further compromises.
Indicators of compromise
- Packages: @tanstack
Remediation
- Identify and audit all CI/CD pipeline configurations for the affected @tanstack packages and any packages that depend on them
- Rotate all developer credentials and secrets that may have been exposed
- Review npm account access logs and implement additional authentication controls (e.g., 2FA) for npm accounts
- Scan build systems and deployment infrastructure for signs of compromise or injected malicious code
- Subscribe to StepSecurity's OSS Package Security Feed for ongoing alerts about this campaign
- Audit package dependencies for compromised versions and update to clean releases
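The last remediation item, auditing dependencies for compromised versions, is the one most easily automated. The script below is an added example and is not part of this catalog entry or of StepSecurity's tooling: it parses an npm package-lock.json (lockfileVersion 1, 2 or 3), lists every installed package under a given scope, including nested copies, and flags any whose version appears on a compromised-version list. The COMPROMISED_VERSIONS map and the sample lockfile are constructed placeholders; the real package@version pairs must be taken from the StepSecurity feed or the npm advisory for this incident.

```python
"""Audit a package-lock.json for scoped packages and flag compromised versions.

Added example, not from supplychainattack.org or StepSecurity. All version
data below is a PLACEHOLDER to be replaced from an authoritative feed.
"""
import json
import sys
from typing import Dict, List, Set, Tuple

# PLACEHOLDER values: fill from the StepSecurity OSS Package Security Feed.
COMPROMISED_VERSIONS: Dict[str, Set[str]] = {
    "@tanstack/placeholder-pkg": {"0.0.0-placeholder"},
}

# Constructed sample lockfile (lockfileVersion 3 layout) used for the demo run.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@tanstack/placeholder-pkg": {"version": "0.0.0-placeholder"},
        "node_modules/@tanstack/other-pkg": {"version": "1.2.3"},
        "node_modules/left-pad": {"version": "1.3.0"},
        # nested duplicate installed under another package
        "node_modules/left-pad/node_modules/@tanstack/other-pkg": {"version": "1.2.3"},
    },
}


def installed_packages(lock: dict) -> List[Tuple[str, str]]:
    """Return every (name, version) pair in the lockfile, nested copies included."""
    found: List[Tuple[str, str]] = []
    packages = lock.get("packages")
    if packages is not None:
        # lockfileVersion 2/3: flat map keyed by install path
        for path, meta in packages.items():
            if not path:  # "" is the root project, not a dependency
                continue
            # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
            name = path.rsplit("node_modules/", 1)[-1]
            version = meta.get("version")
            if version:
                found.append((name, version))
        return found

    # lockfileVersion 1: nested "dependencies" tree
    def walk(deps: dict) -> None:
        for name, meta in deps.items():
            version = meta.get("version")
            if version:
                found.append((name, version))
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return found


def audit(lock: dict, scope: str = "@tanstack") -> dict:
    """List scoped packages present and the subset on the compromised list."""
    prefix = scope.rstrip("/") + "/"
    scoped = sorted({(n, v) for n, v in installed_packages(lock) if n.startswith(prefix)})
    flagged = [(n, v) for n, v in scoped if v in COMPROMISED_VERSIONS.get(n, set())]
    return {"scoped": scoped, "flagged": flagged}


def main() -> int:
    # Usage: python audit_lock.py [path/to/package-lock.json]; defaults to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            lock = json.load(fh)
    else:
        lock = SAMPLE_LOCK
    result = audit(lock)
    for name, version in result["scoped"]:
        mark = "COMPROMISED" if (name, version) in result["flagged"] else "ok"
        print(f"{name}@{version}: {mark}")
    return 1 if result["flagged"] else 0


if __name__ == "__main__":
    sys.exit(main())
```

The script exits non-zero when a flagged version is present so it can gate a CI job; run it against every lockfile in the organisation, not only the top-level application, since the worm moves through transitive dependencies and publishing pipelines rather than through a single package.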
Sources
Cite this entry
"TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed May 12, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/teampcp-s-mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-compromis-19lamt
Related incidents
- Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope (status: active, critical)
  The Shai-Hulud worm has hijacked intercom-client@7.0.4 (361,510 weekly downloads) via a compromised GitHub Actions OIDC publishing pipeline, 29 hours after compromising mbt@1.2.48 and @cap-js/sqlite@2.2.2. The worm is actively propagating through CI/CD infrastructure stolen from earlier victims, targeting multi-cloud credentials (AWS, GCP, Azure).
  Tags: Shai-Hulud, npm, Other, Compromised package, Build-system compromise, Account takeover
- The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave (status: active, critical)
  TeamPCP conducted a multi-ecosystem supply chain compromise targeting the @antv package and associated development infrastructure. The attack leveraged GitHub, NPM, and VSCode to steal credentials and establish persistence mechanisms.
  Tags: TeamPCP, npm, Other, Account takeover, Compromised package, Malicious maintainer
- Shai-Hulud: Here We Go Again. Mass npm Supply Chain Attack Hits the AntV Ecosystem (status: active, critical)
  A new wave of the Mini Shai-Hulud worm has compromised multiple npm packages across Alibaba's AntV data visualization ecosystem, including echarts-for-react and timeago.js. Stolen CI/CD secrets are being exfiltrated and dumped to thousands of public GitHub repositories as the attack spreads.
  Tags: Mini Shai Hulud, npm, Other, Compromised package, Account takeover
- Malware in transportator (status: active, critical)
  The npm package transportator contains malware that grants full system compromise to attackers. Any computer with this package installed or running should be considered fully compromised and all secrets and keys rotated immediately from a different machine.
  Tags: npm, Compromised package