Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
ID: 782545cb-fba1-549f-b908-048811fd06aa
STIX ID: report--782545cb-fba1-549f-b908-048811fd06aa
Feed Name: Dark Reading
Mini Shai-Hulud is an active, worm-like malware campaign that compromises npm packages, primarily in the TanStack ecosystem. It steals credentials from developer machines and CI/CD runners, then abuses maintainer publishing credentials and trusted release workflows to push trojanized updates. Researchers have identified hundreds of malicious package versions and warn that the campaign uses obfuscation, Bun-based execution, IDE persistence, and CI/OIDC abuse to increase propagation and impact.
