Open Source · 2026-05-11 · 1 day · Credential Theft, Self Propagation

safe-action npm package carried Shai-Hulud

Part of the Shai-Hulud hits npm and PyPI campaign

JFrog listed 1 safe-action npm package in the May 2026 Shai-Hulud wave. This record scopes those artifacts to their own official distribution surface.

Story

safe-action was a small npm entry in the May 2026 Shai-Hulud campaign, with JFrog listing two affected releases: 1.0.3 and 1.0.4. The name is easy to overlook, but the package still represented an official registry surface that could execute attacker code during install.

Shai-Hulud's power came from where package managers run. A developer workstation or CI runner installing safe-action could expose npm tokens, GitHub credentials, cloud material, and other secrets before any application code imported the package. TeamPCP could then use those credentials to publish more compromised artifacts.

This record keeps the safe-action evidence package-scoped. The broader campaign page carries the shared tooling and infrastructure; this page preserves the package name, versions, dates, and npm distribution URLs needed for inventory checks.

Response should follow the install trail. A match in a lockfile, cache, build image, or CI log is enough to justify credential review, especially if the environment had package-publishing authority during the May 11-12 window.
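To make the install-trail check concrete, the following is an added example (not part of this record or JFrog's tooling) that scans an npm `package-lock.json` for the two affected safe-action versions named above. The package name and versions come from this page; the two lockfiles embedded in the script are constructed samples. It handles both the nested `dependencies` tree of lockfileVersion 1 and the flat `packages` map of lockfileVersion 2/3, including transitive copies nested under another dependency's `node_modules`.

```python
import json
import sys

# Affected package and versions as listed on this record (from the page).
AFFECTED = {"safe-action": {"1.0.3", "1.0.4"}}

# Constructed sample lockfile, lockfileVersion 3 (flat "packages" map).
# The affected copy is transitive: pulled in by "some-lib", not a direct dependency.
SAMPLE_LOCK_V3 = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"some-lib": "^2.0.0"}},
        "node_modules/some-lib": {
            "version": "2.1.0",
            "dependencies": {"safe-action": "~1.0.0"},
        },
        "node_modules/some-lib/node_modules/safe-action": {
            "version": "1.0.4",
            "resolved": "https://registry.npmjs.org/safe-action/-/safe-action-1.0.4.tgz",
        },
        # Hoisted copy on an unaffected version; must not be flagged.
        "node_modules/safe-action": {"version": "1.0.2"},
    },
})

# Constructed sample lockfile, lockfileVersion 1 (nested "dependencies" tree).
SAMPLE_LOCK_V1 = json.dumps({
    "name": "legacy-app",
    "lockfileVersion": 1,
    "dependencies": {
        "some-lib": {
            "version": "2.1.0",
            "requires": {"safe-action": "~1.0.0"},
            "dependencies": {"safe-action": {"version": "1.0.3"}},
        }
    },
})


def _name_from_path(path):
    """Map a lockfile package path to the package name.

    "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    """
    return path.rsplit("node_modules/", 1)[-1]


def find_affected(lock_text, affected=AFFECTED):
    """Return (install_path, name, version) for every affected copy in the lockfile."""
    lock = json.loads(lock_text)
    matches = []

    if "packages" in lock:
        # lockfileVersion 2/3: every installed copy is a key in "packages".
        for path, meta in lock["packages"].items():
            if not path:  # "" is the root project itself
                continue
            name = _name_from_path(path)
            version = meta.get("version")
            if version in affected.get(name, ()):
                matches.append((path, name, version))
    else:
        # lockfileVersion 1: nested tree; a dep's own "dependencies" are its
        # private node_modules, so reconstruct the install path while walking.
        def walk(deps, prefix):
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                version = meta.get("version")
                if version in affected.get(name, ()):
                    matches.append((path, name, version))
                walk(meta.get("dependencies", {}), path + "/")

        walk(lock.get("dependencies", {}), "")

    return matches


if __name__ == "__main__":
    # Usage: python check_lock.py [path/to/package-lock.json]
    # With no argument, runs against the two constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            sources = {sys.argv[1]: fh.read()}
    else:
        sources = {"sample-v3": SAMPLE_LOCK_V3, "sample-v1": SAMPLE_LOCK_V1}
    for label, text in sources.items():
        for path, name, version in find_affected(text):
            print(f"{label}: {name}@{version} installed at {path}")
```

A hit means the affected tarball was resolved for that tree; treat the workstation or CI runner that performed the install as in scope for the credential review the paragraph above describes, rather than only the project whose lockfile matched.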

Affected Artifacts

Incident Context

Motive: Credential Theft
Attribution: Group
Cause: Compromised Account Credentials
Transitive: Yes
Actor: TeamPCP

Notes

  • Minimal campaign-linked record created to keep Shai-Hulud package evidence scoped by vendor, organization, maintainer account, or package distribution surface.

External References

Source record: oss/attacks/shai-hulud-safe-action-npm/meta.yaml