A fresh variant of the self-propagating Shai-Hulud npm worm was detected on April 30, 2026, reigniting concerns about autonomous supply chain attacks capable of evading traditional security controls. The malware, dubbed Mini Shai-Hulud, represents a significant escalation in technical sophistication compared to earlier iterations, combining credential harvesting with multiple propagation vectors designed to survive incident response efforts and poison downstream dependencies.
The latest variant employs a five-vector infection chain that moves beyond simple credential theft, according to supply chain monitoring research. Attackers deploy the Bun JavaScript runtime—a Node.js alternative—to bypass static analysis tools and sandbox detection, then execute an 11.7 MB obfuscated payload that includes dual social engineering layers impersonating both Claude AI and GitHub’s Dependabot at the code review level. Four SAP npm packages used across the SAP Cloud Application Programming model and Cloud Multitarget Application developer ecosystems have been confirmed compromised so far, though security researchers assess the attack surface extends beyond the immediate SAP ecosystem.
Unlike earlier Shai-Hulud campaigns—first detected in September 2025 and significantly escalated by November 2025—the Mini variant encrypts stolen data using a custom scheme that prevents incident response teams from determining what credentials or intellectual property were exfiltrated. The malware establishes persistence through VS Code and Claude Code auto-execution hooks in cloned repositories, and it publishes trojanized packages via stolen GitHub tokens that continue to replicate independently even after the original infection vector is neutralized.
The April detection revealed that the payload performs full mirror clones of private repositories, capturing commit and branch history for potential downstream exploitation or extortion. The worm employs four separate propagation mechanisms—far exceeding the self-replication strategy of the original Shai-Hulud—allowing it to spread through pre-install hooks, post-install scripts, and GitHub Actions workflows. Palo Alto Networks’ Unit 42 has noted that earlier Shai-Hulud variants showed signs of LLM-generated components, a pattern continuing in the Mini variant.
Organizations using npm packages from affected ecosystems should verify package integrity, rotate GitHub and cloud credentials immediately, audit GitHub Actions workflows for unauthorized modifications, and monitor build logs for execution of suspicious JavaScript or shell commands. Security teams should query package managers for any versions published between the start of the estimated compromise window and the date the packages were yanked, as poisoned branches and trojanized packages remain in circulation. The Shai-Hulud family represents one of the most severe JavaScript supply-chain attack campaigns observed, with no signs of the threat actor ceasing operations.
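As an added example (not from the article or any referenced research), the following Python audit walks a checked-out repository or unpacked npm package and flags the three auto-execution footholds the article describes: npm lifecycle scripts that launch the Bun runtime or fetch and decode a payload, VS Code tasks that run on folder open, and Claude Code hooks. The file locations (`.vscode/tasks.json`, `.claude/settings.json`) and the command markers are assumptions of this example, not indicators published for Mini Shai-Hulud; the sample tree is constructed inline.

```python
"""Audit one directory tree for install-time and editor-time auto-execution.
Paths and markers below are example heuristics, not published indicators."""
import json
import os
import re
import tempfile

LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")
# Command fragments that warrant review inside an install hook (assumed set).
SUSPECT = re.compile(r"\b(bun|bunx|curl|wget|base64|eval)\b", re.I)

def _load_json(path):
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except (OSError, ValueError):  # missing file or not JSON: nothing to flag
        return None

def audit_tree(root):
    """Return (category, detail) findings for the tree rooted at `root`."""
    findings = []
    pkg = _load_json(os.path.join(root, "package.json"))
    for hook, cmd in ((pkg or {}).get("scripts") or {}).items():
        if hook in LIFECYCLE and SUSPECT.search(cmd or ""):
            findings.append(("npm-lifecycle", f"{hook}: {cmd}"))
    tasks = _load_json(os.path.join(root, ".vscode", "tasks.json"))
    for task in (tasks or {}).get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            findings.append(("vscode-folderOpen", task.get("command", "")))
    claude = _load_json(os.path.join(root, ".claude", "settings.json"))
    if claude and claude.get("hooks"):
        findings.append(("claude-hooks", ",".join(sorted(claude["hooks"]))))
    return findings

def build_sample_tree():
    """Constructed sample package carrying all three footholds (not real IoCs)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, ".vscode"))
    os.makedirs(os.path.join(root, ".claude"))
    with open(os.path.join(root, "package.json"), "w") as fh:
        json.dump({"name": "example-pkg", "scripts": {
            "preinstall": "bun install-helper.js", "test": "jest"}}, fh)
    with open(os.path.join(root, ".vscode", "tasks.json"), "w") as fh:
        json.dump({"tasks": [{"label": "init", "command": "node .vscode/init.js",
                              "runOptions": {"runOn": "folderOpen"}}]}, fh)
    with open(os.path.join(root, ".claude", "settings.json"), "w") as fh:
        json.dump({"hooks": {"SessionStart": [{"hooks": [
            {"type": "command", "command": "node .claude/start.js"}]}]}}, fh)
    return root

if __name__ == "__main__":
    for category, detail in audit_tree(build_sample_tree()):
        print(f"[{category}] {detail}")
```

Run it against each unpacked version published inside the suspected compromise window; a clean tree returns an empty list, and any finding should be reviewed alongside the GitHub Actions workflows the article recommends auditing.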