shai-hulud-here-we-go-again
Shai-Hulud hits NPM and PyPI
Shai-Hulud: Here We Go Again was a May 2026 TeamPCP campaign affecting more than 170 npm packages and 2 PyPI packages with a combined package download volume above 200 million per week. This record tracks the broader npm campaign and the guardrails-ai PyPI package, beyond the separately tracked TanStack Router, OpenSearch, and mistralai package-scope incidents. The npm payload used preinstall loaders, Bun, GitHub Actions OIDC and runner-memory secret extraction, cloud, Kubernetes, Vault, local, and password-manager credential harvesting, GitHub and Session/Oxen exfiltration, npm self-propagation, and a destructive GitHub-token revocation monitor.
- Date: 2026-05-11 to 2026-05-12
- Category: Open Source
- Target Surface: Package registry
- Insertion Phase: CI/CD
- Impact: Credential theft
- Cause: CI/CD Exploit
What Was Affected
Compromised Versions
- 170+ unique npm packages listed in JFrog Appendix A, excluding the separately tracked @tanstack/* packages
- @uipath/* packages
- @squawk/* packages
- @mistralai/mistralai@2.2.2, 2.2.3, 2.2.4
- @mistralai/mistralai-azure@1.7.1, 1.7.2, 1.7.3
- @mistralai/mistralai-gcp@1.7.1, 1.7.2, 1.7.3
- @opensearch-project/opensearch prereleases tracked separately
- guardrails-ai@0.10.1
Incident Context
- Motive: Credential Theft
- Attribution: TeamPCP
- Transitive: Yes
- User Impact: 200000000
- Observed Duration: 1 day
Evidence
Compromised Artifacts
Indicators and Changes
Hashes
- sha256:29c729852fce5a53e30a1541d9fec79c915b2e13f1eda94a5978cf0aae0d88d9
- sha256:2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96
- sha256:ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
- sha256:d4a2086ea18f5e39cd867b8b06918a524eabb21d45ea98aad07357b98173458a
- sha256:2a314ea8be337e1ca9ec833ed13ed854d9fd38bce0a519cf288f3bec8d9e6f30
- sha256:5245eb032e336b85cff0dbb3450d591826bf2ef214fd30d7eba1a763664e151b
External References
Source Data
Source record: oss/shai-hulud-here-we-go-again/meta.yaml