DraftAuth npm packages carried Shai-Hulud
Part of the Shai-Hulud hits npm and PyPI campaign
JFrog listed 2 DraftAuth npm packages in the May 2026 Shai-Hulud wave. This record scopes those artifacts to their own official distribution surface.
Story
DraftAuth was a two-package slice of the May 2026 Shai-Hulud wave. JFrog listed malicious releases for @draftauth/client and @draftauth/core, giving the attacker both a client-facing package name and a core library surface inside the same npm namespace.
That namespace matters because authentication packages tend to live near secrets. Even when a package is only installed during build or test, the environment often contains npm tokens, GitHub credentials, cloud configuration, and service keys. Shai-Hulud's value came from harvesting that context and using any publisher access it found to continue the spread.
This page separates DraftAuth from the campaign aggregate so responders can answer a package-level question: did any system install the listed DraftAuth releases during the May 11-12 window? The broader campaign record explains TeamPCP's shared loader, infrastructure, and self-propagation behavior.
Cleanup should follow the installation path, not just the application dependency graph. Lockfiles, CI caches, local npm caches, and artifact mirrors can all prove exposure. Any matching environment should be treated as a potential credential source and reviewed before new packages are published from it.
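One way to check a lockfile for the two package names listed above, as an added example that is not part of the original record or of JFrog's tooling: it reads npm `package-lock.json` text (the flat `packages` map of lockfile versions 2 and 3, or the nested `dependencies` tree of version 1) and reports every `@draftauth/client` or `@draftauth/core` entry, including transitive copies. The function name, the sample lockfile and all version numbers are constructed; the listed versions have to be copied from the advisory, since this record does not give them.

```javascript
// Added example. Package names are from this record; every version number
// below is a constructed placeholder, not a version JFrog listed.
const DRAFTAUTH_PACKAGES = ["@draftauth/client", "@draftauth/core"];

// Return each DraftAuth entry found in npm lockfile text, including nested
// (transitive) copies. `listed` maps package name -> versions the responder
// copied from the advisory; anything else is flagged for manual comparison.
function findDraftAuthEntries(lockfileText, listed = {}) {
  const lock = JSON.parse(lockfileText);
  const hits = [];
  const record = (name, path, meta) => {
    // Skip other packages and workspace symlinks (link: true carries no version).
    if (!DRAFTAUTH_PACKAGES.includes(name) || !meta || meta.link) return;
    const version = meta.version || "unknown";
    const match = (listed[name] || []).includes(version) ? "listed" : "check-advisory";
    hits.push({ name, version, path, resolved: meta.resolved || null, match });
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf("node_modules/");
      if (i !== -1) record(path.slice(i + "node_modules/".length), path, meta);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        record(name, [...trail, name].join(" > "), meta);
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed lockfile: one direct install and one transitive copy.
const SAMPLE_LOCK = JSON.stringify({
  name: "example-app", lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/@draftauth/client": { version: "9.9.1" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/@draftauth/core": { version: "9.9.0" },
  },
});
const SAMPLE_LISTED = { "@draftauth/client": ["9.9.1"] }; // constructed placeholder
console.log(findDraftAuthEntries(SAMPLE_LOCK, SAMPLE_LISTED));
```

The same function can be run over lockfiles recovered from CI caches and artifact mirrors, not only the one in the repository.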
Affected Artifacts
- Observed: 2026-05-11 to 2026-05-12
- Fixed: Not listed

- Observed: 2026-05-11 to 2026-05-12
- Fixed: Not listed
Incident Context
- Motive: Credential Theft
- Attribution: Group
- Cause: Compromised Account Credentials
- Transitive: Yes
- Actor: TeamPCP
Notes
- Minimal campaign-linked record created to keep Shai-Hulud package evidence scoped by vendor, organization, maintainer account, or package distribution surface.
External References
- Shai-Hulud: Here We Go Again - Worm by TeamPCP Hits NPM and PyPI (research.jfrog.com)
Source record: oss/attacks/shai-hulud-draftauth-npm/meta.yaml