ML Toolkit TS npm packages carried Shai-Hulud
Part of the Shai-Hulud hits npm and PyPI campaign
JFrog listed 3 ML Toolkit TS npm packages in the May 2026 Shai-Hulud wave. This record scopes those artifacts to their own official distribution surface.
Story
ML Toolkit TS was a three-package Shai-Hulud cluster. JFrog listed affected releases for @ml-toolkit-ts/preprocessing, @ml-toolkit-ts/xgboost, and ml-toolkit-ts, giving TeamPCP a foothold in machine-learning utility packages rather than only web application dependencies.
The technical risk still came from install-time execution. Development and training environments often carry cloud credentials, data-platform tokens, GitHub access, and package-registry credentials. In the Shai-Hulud wave, a compromised package install could harvest those secrets and use any available publish authority to continue the spread.
This record scopes the ML Toolkit TS artifacts as one trust boundary because the package names and versions are what defenders can search. The campaign page carries the common TeamPCP tooling, infrastructure, and self-propagation mechanics.
The cleanup question is whether the affected ML Toolkit TS versions reached a workstation, CI runner, notebook environment, or container build during May 11-12. A positive match should trigger credential rotation from a clean system and review of any package releases made from that environment.
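The lockfile half of that search can be scripted. The following is an added example, not code from this record or from JFrog: the function names and the sample lockfile are constructed for illustration, and because this record does not list the affected version numbers, the script reports every resolved version of the three packages (including transitive copies) for comparison against JFrog's list.

```javascript
// Added example: find ML Toolkit TS packages in npm lockfile data.
// Package names come from this record; affected version numbers are not
// listed here, so every resolved version is reported for manual comparison.
const WATCHED = new Set([
  "@ml-toolkit-ts/preprocessing",
  "@ml-toolkit-ts/xgboost",
  "ml-toolkit-ts",
]);

// lockfileVersion 2/3: keys look like "node_modules/a/node_modules/@scope/b".
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

function findWatched(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || nameFromPath(path);
    if (WATCHED.has(name)) hits.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1: nested "dependencies" trees, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (WATCHED.has(name) && !hits.some((h) => h.path === path))
        hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-training-job", version: "1.0.0" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/ml-toolkit-ts": { version: "0.0.0-sample" },
    "node_modules/ml-toolkit-ts/node_modules/@ml-toolkit-ts/xgboost": {
      version: "0.0.0-sample",
    },
  },
};

for (const h of findWatched(SAMPLE_LOCK)) console.log(h.name, h.version, h.path);
```

A lockfile match shows what would be installed, not when an install ran, so pair any hit with CI and registry logs for the May 11-12 window.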
Affected Artifacts
- Observed: 2026-05-11 to 2026-05-12; Fixed: Not listed
- Observed: 2026-05-11 to 2026-05-12; Fixed: Not listed
- Observed: 2026-05-11 to 2026-05-12; Fixed: Not listed
Incident Context
- Motive: Credential Theft
- Attribution: Group
- Cause: Compromised Account Credentials
- Transitive: Yes
- Actor: TeamPCP
Notes
- Minimal campaign-linked record created to keep Shai-Hulud package evidence scoped by vendor, organization, maintainer account, or package distribution surface.
External References
- Shai-Hulud: Here We Go Again - Worm by TeamPCP Hits NPM and PyPI (research.jfrog.com)
Source record: oss/attacks/shai-hulud-ml-toolkit-ts-npm/meta.yaml