A new wave of the 'Mini Shai-Hulud' npm supply-chain attack has expanded from its earlier SAP-focused campaign to compromise 373 malicious package-version entries across 169 npm packages, including widely used libraries from TanStack, Mistral AI, UiPath, Squawk, and others. The malware embeds obfuscated payload files (router_init.js) and adds a GitHub-hosted optional dependency with a prepare script that executes via Bun during npm install. The payload targets CI/CD environments to steal npm tokens, GitHub tokens, OIDC tokens, AWS credentials, Kubernetes service account tokens, and Vault secrets. After stealing credentials, it attempts to propagate by publishing new compromised versions of packages the victim has publish access to. Notably, the attack abuses trusted publishing (OIDC-based npm publish), so provenance records cannot be treated as proof of safety. Mitigation steps include checking lockfiles for affected package versions, searching for payload files, rotating all secrets from exposed environments, and auditing recent npm publish activity.
Table of contents

- What Happened
- Affected Packages And Versions
- How The New Wave Works
- Why Trusted Publishing Matters Here
- What The Payload Tries To Steal
- What Changed From The SAP Attack
- Detection And Mitigation
- Indicators Of Compromise
- Conclusion
- How Aikido Detects This