BotBeat

Mistral AI
INDUSTRY REPORT
2026-05-12

Mini Shai-Hulud Worm Compromises 160+ npm Packages, Including Mistral

Key Takeaways

  • 373 malicious package-version entries identified across 169 npm package names in the Mini Shai-Hulud campaign
  • Mistral's npm packages compromised (versions 2.2.2-2.2.4), including @mistralai/mistralai and @mistralai/mistralai-gcp
  • Malware targets npm tokens, GitHub credentials, cloud keys, and Kubernetes secrets in developer environments and CI/CD systems

Source: Hacker News (https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised)

Summary

A major supply chain security campaign, codenamed Mini Shai-Hulud, has compromised over 160 npm packages with 373 malicious package-version entries across the development ecosystem. The attack targets popular developer packages including those from AI company Mistral, as well as TanStack, UIPath, Squawk, and others, with the primary goal of stealing developer credentials and CI/CD pipeline access tokens. The malware is specifically engineered to run inside build systems, harvest npm and GitHub access credentials, and abuse trusted publishing paths to distribute further compromised packages.

This attack represents a significant escalation from an April campaign targeting SAP packages. The compromised packages span multiple major projects, most notably @tanstack with 83 malicious versions, @squawk with 87 versions, @uipath with 66 versions, and Mistral's @mistralai/mistralai packages, where versions 2.2.2 through 2.2.4 are affected. The malware specifically targets npm tokens, GitHub credentials, cloud authentication keys, Kubernetes service account tokens, and deployment secrets that are typically present in developer environments and CI/CD systems.

The widespread nature of the campaign and its focus on credential theft pose an urgent risk to thousands of development teams. Any organization using affected packages faces potential exposure of sensitive credentials that could enable further unauthorized access to their infrastructure and deployment pipelines.

  • TanStack (83 versions), Squawk (87 versions), and UIPath (66 versions) among the most heavily affected
  • Attack demonstrates sophisticated understanding of build pipelines and abuse of trusted package publishing mechanisms
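A check a team can run against the versions the report names, written as an added example for this page (it is not code from the report, from Aikido, or from Mistral AI): a Node script that walks a package-lock.json (lockfile v2/v3 `packages` map) and flags every copy, including nested transitive copies, of @mistralai/mistralai or @mistralai/mistralai-gcp inside the 2.2.2 through 2.2.4 range. The lockfile embedded in the script is constructed for the example. The other scopes the report mentions (@tanstack, @squawk, @uipath) are deliberately not encoded, because the page gives no version list for them; the `AFFECTED` table is the single place to extend once an advisory supplies one.

```javascript
// Added example (not from the BotBeat report, Aikido, or Mistral AI): scan an
// npm package-lock.json for the Mistral package versions the report lists as
// compromised (@mistralai/mistralai and @mistralai/mistralai-gcp, 2.2.2-2.2.4).
// Usage: node scan-lock.js [path/to/package-lock.json]
// Without a path it runs against the constructed sample lockfile below.

// Affected packages and inclusive version bounds, taken from the report.
const AFFECTED = [
  { name: '@mistralai/mistralai', min: '2.2.2', max: '2.2.4' },
  { name: '@mistralai/mistralai-gcp', min: '2.2.2', max: '2.2.4' },
];

// Compare two dotted numeric versions (e.g. "2.2.3" vs "2.10.0") numerically,
// not lexically. Returns -1, 0 or 1. Pre-release suffixes are stripped for
// this range check so "2.2.3-beta.1" is treated as 2.2.3.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Derive the package name from a lockfile v2/v3 "packages" key such as
// "node_modules/foo/node_modules/@scope/pkg" -> "@scope/pkg".
function packageNameFromKey(key) {
  const marker = 'node_modules/';
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Return every lockfile entry whose name and version fall inside an affected
// range, as {name, version, path} so the install location is reported too.
function findCompromised(lockfile) {
  const hits = [];
  for (const [key, entry] of Object.entries(lockfile.packages || {})) {
    if (key === '') continue; // the root project entry, not a dependency
    const name = packageNameFromKey(key);
    const version = entry && entry.version;
    if (!version) continue;
    for (const a of AFFECTED) {
      if (name === a.name &&
          compareVersions(version, a.min) >= 0 &&
          compareVersions(version, a.max) <= 0) {
        hits.push({ name, version, path: key });
      }
    }
  }
  return hits;
}

// Constructed sample lockfile: one affected top-level version, one version
// just below the range, an unrelated package, and a nested transitive copy
// of the affected package that a top-level-only check would miss.
const SAMPLE_LOCKFILE = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/@mistralai/mistralai': { version: '2.2.3' },
    'node_modules/@mistralai/mistralai-gcp': { version: '2.2.1' },
    'node_modules/some-lib': { version: '0.1.0' },
    'node_modules/some-lib/node_modules/@mistralai/mistralai': { version: '2.2.4' },
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  const lockPath = process.argv[2];
  const lock = lockPath
    ? JSON.parse(require('node:fs').readFileSync(lockPath, 'utf8'))
    : SAMPLE_LOCKFILE;
  const hits = findCompromised(lock);
  for (const h of hits) {
    console.log(`AFFECTED ${h.name}@${h.version} at ${h.path}`);
  }
  if (hits.length === 0) console.log('no affected versions found');
  // Non-zero exit only for a real lockfile, so this can gate a CI job.
  if (lockPath && hits.length > 0) process.exitCode = 1;
}
```

Run it with a real lockfile path to get a non-zero exit status on a hit, which makes it usable as a CI gate; the nested copy in the sample is why the scan walks every `packages` key rather than only the direct dependencies.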

Editorial Opinion

This attack represents a watershed moment for npm ecosystem security. The Mini Shai-Hulud campaign shows that malicious actors have evolved beyond package typosquatting and simple malware injection; they're now orchestrating sophisticated supply chain attacks that exploit the trust relationships embedded in development pipelines. The scale and targeting strategy suggest this is not opportunistic but carefully planned to maximize credential harvest and enable cascading attacks. The development community must treat npm package security with the same rigor applied to production infrastructure, with immediate focus on token rotation policies, build environment isolation, and real-time package integrity verification.

Tags: MLOps & Infrastructure, Cybersecurity

© 2026 BotBeat