Open Source · 2026-05-11 · 1 day · Credential Theft, Self Propagation

Dirigible AI npm package carried Shai-Hulud

Part of the Shai-Hulud hits npm and PyPI campaign

JFrog listed one Dirigible AI npm package in the May 2026 Shai-Hulud wave. This record scopes those artifacts to their own official distribution surface.

Story

Dirigible AI appeared in the May 2026 Shai-Hulud list through @dirigible-ai/sdk. JFrog listed two affected npm releases, 1.1.12 and 1.1.13, placing the compromise inside an SDK distribution channel rather than a throwaway package name.

SDKs are useful supply-chain targets because they are installed by developers who are connecting services, credentials, and automation together. In the Shai-Hulud wave, TeamPCP used that install-time position to run credential-stealing code and look for tokens that could publish the next infected package.

This record scopes the Dirigible AI package as one compromised trust boundary. The campaign page carries the common malware behavior, infrastructure, and propagation model. This page keeps the artifact list precise enough for lockfile searches, package-cache review, and dependency-management alerts.

The key exposure question is whether any trusted environment resolved @dirigible-ai/sdk to the affected releases during May 11-12. If it did, the package install itself is the incident, regardless of whether the SDK was later imported by application code.
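The lockfile search this record recommends can be scripted. The following Node script is an added example, not part of this record or of JFrog's tooling: it walks a package-lock.json (both the flat "packages" map of lockfile versions 2 and 3 and the nested "dependencies" tree of version 1) and a yarn.lock (classic or berry syntax) and reports every resolution of @dirigible-ai/sdk to 1.1.12 or 1.1.13, the two releases named above. The lockfile contents embedded below are constructed samples for the demonstration; the function names are this example's own.

```javascript
// Added example: find resolutions of the affected @dirigible-ai/sdk releases
// (1.1.12, 1.1.13) in npm and yarn lockfiles. All sample lockfile content in
// this file is constructed for the demonstration, not taken from a real project.

const AFFECTED = { "@dirigible-ai/sdk": new Set(["1.1.12", "1.1.13"]) };

function isAffected(name, version) {
  return Boolean(AFFECTED[name] && AFFECTED[name].has(version));
}

// package-lock.json: lockfileVersion 2/3 carry a flat "packages" map keyed by
// install path; lockfileVersion 1 carries a nested "dependencies" tree.
function findAffectedInPackageLock(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (!path) continue; // "" is the root project itself
      // Nested installs look like node_modules/a/node_modules/@scope/pkg, so
      // the package name is whatever follows the last "node_modules/".
      const marker = "node_modules/";
      const name = entry.name || path.slice(path.lastIndexOf(marker) + marker.length);
      if (isAffected(name, entry.version)) {
        hits.push({ name, version: entry.version, where: path });
      }
    }
    return hits;
  }
  const walk = (deps, parent) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const where = parent ? `${parent} > ${name}` : name;
      if (isAffected(name, entry.version)) hits.push({ name, version: entry.version, where });
      walk(entry.dependencies, where); // v1 nests transitive deps under each entry
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// yarn.lock: an unindented header line ends with ":" and lists one or more
// "name@range" specifiers; the indented "version" line that follows gives the
// resolved version. Classic writes `version "x"`, berry writes `version: x`.
function findAffectedInYarnLock(text) {
  const hits = [];
  let currentNames = [];
  for (const raw of text.split("\n")) {
    const line = raw.replace(/\r$/, "");
    if (!line || line.startsWith("#")) continue;
    if (!/^\s/.test(line) && line.endsWith(":")) {
      currentNames = line.slice(0, -1).split(",").map((s) => {
        const spec = s.trim().replace(/^"|"$/g, "");
        return spec.slice(0, spec.lastIndexOf("@")); // handles scoped names
      });
      continue;
    }
    const m = /^\s+version:?\s+"?([^"\s]+)"?/.exec(line);
    if (!m) continue;
    for (const name of new Set(currentNames)) {
      if (isAffected(name, m[1])) hits.push({ name, version: m[1], where: "yarn.lock" });
    }
  }
  return hits;
}

// Constructed sample: lockfileVersion 3 with one affected and one unaffected copy.
const SAMPLE_PACKAGE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "0.1.0" },
    "node_modules/@dirigible-ai/sdk": { version: "1.1.13" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/some-tool/node_modules/@dirigible-ai/sdk": { version: "1.1.11" },
  },
};

// Constructed sample: classic yarn.lock with two ranges resolving to 1.1.12.
const SAMPLE_YARN_LOCK = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@dirigible-ai/sdk@^1.1.0", "@dirigible-ai/sdk@1.1.12":
  version "1.1.12"

left-pad@^1.3.0:
  version "1.3.0"
`;

function scanConstructedSamples() {
  return {
    packageLock: findAffectedInPackageLock(SAMPLE_PACKAGE_LOCK),
    yarnLock: findAffectedInYarnLock(SAMPLE_YARN_LOCK),
  };
}

console.log(JSON.stringify(scanConstructedSamples(), null, 2));
```

A match is the incident marker the record describes: the install itself ran the compromised release, whether or not application code ever imported the SDK. For a real project, read the lockfiles from disk with fs and pass package-lock.json through JSON.parse and yarn.lock as text.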

Affected Artifacts

  • npm: @dirigible-ai/sdk 1.1.12
  • npm: @dirigible-ai/sdk 1.1.13

Incident Context

Motive
Credential Theft
Attribution
Group
Cause
Compromised Account Credentials
Transitive
Yes
Actor
TeamPCP

Notes

  • Minimal campaign-linked record created to keep Shai-Hulud package evidence scoped by vendor, organization, maintainer account, or package distribution surface.

External References

Source record: oss/attacks/shai-hulud-dirigible-ai-npm/meta.yaml