Open Source · 2026-05-11 · 1 day · Credential Theft, Self Propagation

nextmove-mcp npm package carried Shai-Hulud

Part of the Shai-Hulud hits npm and PyPI campaign

JFrog listed 1 nextmove-mcp npm package in the May 2026 Shai-Hulud wave. This record scopes those artifacts to their own official distribution surface.

Story

nextmove-mcp was one of the MCP-related package names caught in the May 2026 Shai-Hulud wave. JFrog listed five affected npm releases under the nextmove-mcp name during the May 11-12 TeamPCP window.

MCP and agent packages often run close to developer automation, local credentials, and service integrations. That made them useful distribution surfaces for Shai-Hulud: the malware did not need to compromise an application server if it could execute during package installation on a machine that already held tokens.

This page keeps nextmove-mcp separate from the campaign rollup so responders have a concrete inventory indicator. The campaign record explains the shared loader, infrastructure, credential theft, and propagation behavior; this record preserves the package name, affected releases, dates, and npm URLs.

Any matching install should be treated as host exposure. Build caches, local npm caches, lockfiles, and CI logs are all relevant evidence because the payload's opportunity was the install event itself, not long-term use of the package.
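A lockfile check for the inventory step described above, added here as an example; it is not part of the original record or of JFrog's tooling. The record lists no version numbers, so the function reports every resolved copy of nextmove-mcp, direct or transitive, for comparison against the affected releases. The sample lockfiles, the `example-parent` name, and the `0.0.0-example` version are constructed.

```javascript
// Added example: lists every resolved copy of a package in an npm lockfile.
const TARGET = "nextmove-mcp"; // package name taken from this record

function findInLockfile(lockText, target = TARGET) {
  const lock = JSON.parse(lockText);
  const hits = [];
  const record = (path, meta) => hits.push({
    path,
    version: meta.version || null,
    resolved: meta.resolved || null,
    hasInstallScript: meta.hasInstallScript === true, // only in v2/v3
  });
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  const marker = "node_modules/";
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project or workspace folder
    // Prefer an explicit name field (aliased install), else use the path.
    const name = meta.name || path.slice(idx + marker.length);
    if (name === target) record(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === target) record([...trail, name].join(" > "), meta);
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed samples: parent name and version are placeholders.
const SAMPLE_V3 = JSON.stringify({ lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-parent": { version: "2.1.0" },
  "node_modules/example-parent/node_modules/nextmove-mcp": {
    version: "0.0.0-example", hasInstallScript: true },
} });
const SAMPLE_V1 = JSON.stringify({ lockfileVersion: 1, dependencies: {
  "example-parent": { version: "2.1.0",
    dependencies: { "nextmove-mcp": { version: "0.0.0-example" } } },
} });

console.log(findInLockfile(SAMPLE_V3), findInLockfile(SAMPLE_V1));
```

To scan a real project, pass the text of `package-lock.json` or `npm-shrinkwrap.json` to `findInLockfile` and compare the reported versions against the affected releases JFrog listed.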

Affected Artifacts

Incident Context

  • Motive: Credential Theft
  • Attribution: Group
  • Cause: Compromised Account Credentials
  • Transitive: Yes
  • Actor: TeamPCP

Notes

  • Minimal campaign-linked record created to keep Shai-Hulud package evidence scoped by vendor, organization, maintainer account, or package distribution surface.

External References

Source record: oss/attacks/shai-hulud-nextmove-mcp-npm/meta.yaml