Mini Shai-Hulud returns, compromising hundreds of npm packages
ID: 1f8b9d03-fd6b-5080-92cd-26c5ab1fc313
STIX ID: report--1f8b9d03-fd6b-5080-92cd-26c5ab1fc313
Feed Name: CyberScoop
A self-replicating supply-chain worm named Mini Shai-Hulud, linked to threat actor TeamPCP, has resurfaced across hundreds of npm packages. It executes on install, harvests GitHub/npm tokens, SSH keys and cloud credentials, installs persistent backdoors in editor settings and as OS services, and uses compromised CI publishing tokens to propagate and publish poisoned packages; researchers warn that removing the package alone is insufficient and affected machines or runners should be treated as fully compromised.
