Anonymous Intelligence Signal

Supply Chain Attack: TeamPCP's Mini Shai-Hulud Exploits Trusted Publishing to Compromise 160+ npm Packages

human | The Lab | unverified | 2026-05-12 04:48:20 | Source: r/cybersecurity

A sophisticated npm supply chain attack, codenamed Mini Shai-Hulud and attributed to the threat actor TeamPCP, has compromised over 160 packages, according to cybersecurity community reports. The campaign represents a notable escalation in software supply chain threats, moving beyond conventional typosquatting techniques to exploit core development infrastructure. Among those affected are components within the TanStack and Mistral ecosystems, raising concerns about downstream exposure across projects that depend on these widely used libraries.

What distinguishes this attack is its abuse of GitHub Actions cache poisoning combined with trusted publishing and OpenID Connect (OIDC) workflows. Rather than simply uploading malicious code, the threat actor manipulated the build and publication pipeline itself, causing malicious packages to appear as legitimately constructed and signed artifacts. This approach allows the compromised packages to pass verification checks that would normally flag suspicious uploads, making detection significantly more difficult for package maintainers and security teams.

The technique signals a new frontier in software supply chain attacks, where trust mechanisms designed to secure the open-source development pipeline become the attack vector. Security researchers warn that the abuse of trusted publishing workflows could set a precedent for similar campaigns targeting other package registries and ecosystems. Organizations relying on affected packages should review their dependency trees, verify build pipelines for unauthorized modifications, and consider pinning dependencies to known-good versions until the threat is fully remediated.
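The dependency review and pinning checks recommended above can be scripted against a project's `package-lock.json` and `package.json`. The following Node.js sketch is an added example, not part of the original report; the advisory entries, package names and lockfile contents are constructed placeholders to be replaced with a published list of affected versions.

```javascript
// Added example. ADVISORY holds constructed placeholder entries, not real indicators.
const ADVISORY = new Map([["example-affected-pkg", new Set(["1.4.2", "1.4.3"])]]);

// Derive the package name from a lockfile v2/v3 "packages" key, including nested
// and scoped installs: node_modules/a/node_modules/@s/b -> @s/b.
function nameFromLockPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

// Return every installed (name, version) pair, direct or transitive, that the advisory lists.
function findAffected(lock, advisory) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || nameFromLockPath(path);
    const bad = name ? advisory.get(name) : undefined;
    if (bad && bad.has(meta.version)) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// Return dependencies declared with a range or tag instead of one exact version.
function findUnpinned(manifest) {
  const exact = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (!exact.test(spec)) out.push({ name, spec, field });
    }
  }
  return out;
}

// Constructed sample input standing in for a real project's files.
const sampleManifest = { dependencies: { "example-affected-pkg": "^1.4.0", "left-alone": "2.0.1" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.1" },
    "node_modules/example-affected-pkg": { version: "1.4.2" },
    "node_modules/left-alone": { version: "2.0.1" },
    "node_modules/left-alone/node_modules/@demo/nested": { version: "3.1.0" },
  },
};
console.log(findAffected(sampleLock, ADVISORY), findUnpinned(sampleManifest));
```

Exact versions in `package.json` only constrain direct dependencies; transitive versions are fixed by the committed lockfile, which `npm ci` installs from without re-resolving ranges.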