New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages
ID: 63066b75-5518-57c6-aae8-470f57b1a9f8
STIX ID: report--63066b75-5518-57c6-aae8-470f57b1a9f8
Feed Name: Security Boulevard
TL;DR: Sonatype Security Research reports a new Shai-Hulud “Miasma” wave impacting 281 npm package versions. Instead of relying on obvious preinstall/postinstall scripts, the affected versions abuse binding.gyp/node-gyp at install time to execute code that harvests system, developer and CI/CD credentials, validates the stolen access, and can use stolen maintainer credentials to publish further malicious package versions. Organizations that installed impacted versions should treat the affected environments as potentially compromised, investigate, and rotate credentials.
