New iterations of the Shai-Hulud supply chain attack have hit over 100 packages across the NPM and PyPI ecosystems, security researchers warn.

Since September 2025, the self-replicating worm has been used in multiple campaigns targeting the open source software (OSS) community, with a surge in attacks observed over the past several months, following the Trivy vulnerability scanner incident.

In mid-May, TeamPCP, the hacking group behind Shai-Hulud, released the worm’s source code, and the first clones emerged shortly after.

Starting June 1, new variants of Shai-Hulud were used as part of broad, coordinated attacks. The first was the Red Hat incident, in which 32 packages belonging to Red Hat's Hybrid Cloud Console JavaScript ecosystem were infected.

The Miasma variant