Shai-Hulud Worm Clones Spread After Code Release

ID: 43ee0c63-8e74-54d7-9f2a-2f2454d1177d

STIX ID: report--43ee0c63-8e74-54d7-9f2a-2f2454d1177d

Feed Name: Dark Reading

Threat Score: 75/100

Date Published: 2026-05-18

Date Updated: 2026-05-18

Author: Alexander Culafi


A financially motivated group (TeamPCP) published the Shai-Hulud worm source, and multiple near-verbatim clones have since appeared in the NPM ecosystem as typosquats and malicious packages that include infostealers and DDoS payloads. Attackers can easily swap C2 endpoints and signing keys to run many variants simultaneously, which poses a growing automated supply-chain threat to developer accounts, CI/CD pipelines, and open source trust.
