Skip to content
Auto-CTI
Back to all deep dives
TENABLE BLOG

Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign

Strategic summary

"Mini Shai-Hulud" is a self-propagating supply chain worm that has breached over 170 npm and PyPI packages. It steals developer and cloud credentials and defeats SLSA Build Level 3 provenance attestation, a critical security control. Any system that installed a compromised package is considered fully compromised. The campaign has been active since September 2025 and uses CI/CD pipelines to spread exponentially.

Key findings

  • The worm has infected over 170 npm and PyPI packages, impacting organizations like OpenAI and Mistral AI.
  • For the first time, valid SLSA Build Level 3 provenance attestations were forged, rendering cryptographic integrity checks ineffective.
  • The malware self-propagates via compromised CI/CD pipelines and steals cloud and developer credentials.
  • Any environment that has installed an affected package should be treated as fully compromised.
  • The campaign has continuously evolved since September 2025, adapting to defensive measures.
ESC