A threat actor known as TeamPCP is using leaked Shai-Hulud malware to infect npm packages and steal developer credentials.

This campaign targets the foundational tools developers use to build applications. By compromising the supply chain, attackers can obtain private keys and credentials, potentially opening doors into larger corporate networks.

The attack follows the leak of the Shai-Hulud worm's source code last week. Malicious packages began appearing over the weekend in early May 2026 [1, 2]. The threat actor specifically targeted the npm registry and related GitHub repositories.

Security researchers found that the campaign heavily targeted the TanStack ecosystem. Reports differ on the scale: some count dozens of compromised TanStack packages [3], while other data puts the number of affected packages across the broader registry in the hundreds [4]. The two figures measure different things, a single ecosystem versus the whole registry, and the larger one reflects how quickly the worm propagated through different dependency trees.

The malware functions as an infostealer that harvests developer credentials for further intrusion or resale [5, 6]. Because the code is embedded in legitimate-looking packages, it is pulled in automatically when developers update dependencies as part of routine project work.

The use of leaked source code lets lower-skill threat actors deploy sophisticated tools. In this case, the Shai-Hulud clones were deployed soon after the code became public, showing that a leak-driven campaign can scale in a matter of days.


This incident underscores the volatility of the open-source ecosystem, where a single leak of sophisticated malware can be weaponized almost instantly. The targeting of the TanStack ecosystem shows that attackers are prioritizing high-traffic libraries to maximize their reach. For developers, this reinforces the need for lockfiles that pin exact versions and integrity hashes, and for auditing tools that verify third-party dependencies before they are installed.