Open Source · 2026-05-11 · 1 day · Credential Theft, Self Propagation

DraftAuth npm packages carried Shai-Hulud

Part of the Shai-Hulud hits npm and PyPI campaign

JFrog listed 2 DraftAuth npm packages in the May 2026 Shai-Hulud wave. This record scopes those artifacts to their own official distribution surface.

Story

DraftAuth was a two-package slice of the May 2026 Shai-Hulud wave. JFrog listed malicious releases for @draftauth/client and @draftauth/core, giving the attacker both a client-facing package name and a core library surface inside the same npm namespace.

That namespace matters because authentication packages tend to live near secrets. Even when a package is only installed during build or test, the environment often contains npm tokens, GitHub credentials, cloud configuration, and service keys. Shai-Hulud's value came from harvesting that context and using any publisher access it found to continue the spread.

This page separates DraftAuth from the campaign aggregate so responders can answer a package-level question: did any system install the listed DraftAuth releases during the May 11-12 window? The broader campaign record explains TeamPCP's shared loader, infrastructure, and self-propagation behavior.

Cleanup should follow the installation path, not just the application dependency graph. Lockfiles, CI caches, local npm caches, and artifact mirrors can all prove exposure. Any matching environment should be treated as a potential credential source and reviewed before new packages are published from it.
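One way to answer the package-level question from lockfile evidence, as an added example that is not part of the original record or any vendor tooling: it walks parsed package-lock.json data in both the flat and the nested layout and reports every @draftauth/client or @draftauth/core install, including transitive copies. The function name, the sample lockfile and the placeholder versions are assumptions; this record does not carry the listed versions, so the caller supplies them.

```javascript
// Added example: locate DraftAuth installs in parsed package-lock.json data.
const WATCHED = ["@draftauth/client", "@draftauth/core"]; // names from this record
const NM = "node_modules/";

// Returns every install of a watched package, including copies nested under
// other dependencies. listedVersions is supplied by the caller (assumption:
// filled in from the JFrog list; this record does not carry the versions).
function findDraftAuth(lock, listedVersions = {}) {
  const hits = [];
  const record = (name, version, where, resolved) => {
    if (!WATCHED.includes(name)) return;
    const listed = (listedVersions[name] || []).includes(version);
    hits.push({ name, version, where, resolved: resolved || null, listed });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(NM);
    if (idx === -1) continue; // root project or workspace entry
    record(meta.name || path.slice(idx + NM.length), meta.version, path, meta.resolved);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists
  // so that v2 files, which carry both, are not counted twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      record(name, meta.version, trail.concat(name).join(" > "), meta.resolved);
      walk(meta.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample, not real data: versions and URL are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@draftauth/client": {
      version: "0.0.1-placeholder",
      resolved: "https://registry.example.invalid/client-0.0.1-placeholder.tgz",
    },
    "node_modules/some-sdk/node_modules/@draftauth/core": { version: "0.0.2-placeholder" },
    "node_modules/example-lib": { version: "1.3.0" },
  },
};
const sampleListed = { "@draftauth/core": ["0.0.2-placeholder"] }; // placeholder
console.log(findDraftAuth(sampleLock, sampleListed));
```

The same function applies to lockfiles recovered from CI caches and artifact mirrors, not only the copy in the repository.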

Affected Artifacts

Incident Context

Motive: Credential Theft
Attribution: Group
Cause: Compromised Account Credentials
Transitive: Yes
Actor: TeamPCP

Notes

  • Minimal campaign-linked record created to keep Shai-Hulud package evidence scoped by vendor, organization, maintainer account, or package distribution surface.

External References

Source record: oss/attacks/shai-hulud-draftauth-npm/meta.yaml