New Shai-Hulud malware wave compromises 600 npm packages | The IT Nerd
The IT Nerd
Straight Talk About Information Technology From A Nerd Who Speaks English
" Father’s Day Gift Ideas That Score Big at Home from Epson
Security teams have growing blind spot in AI coding agents and attackers are already moving in "
New Shai-Hulud malware wave compromises 600 npm packages
Threat actors earlier today published more than 600 malicious packages to the npm index as part of a new Shai-Hulud supply-chain campaign. Most of the affected packages are in the @antv ecosystem, which includes libraries for charting, graph visualization, building flowcharts, and mapping.
Commenting on this news is Dan Moore, Sr. Director, CIAM Strategy & Identity Standards at FusionAuth :
"In the OIDC/OAuth security model, tokens are short-lived by design. OIDC assumes you authenticate for a specific operation and the token expires in a timely fashion. That’s what’s supposed to happen but in practice many CI/CD pipelines and services don’t yet use these.
What is scary about this attack is that OIDC tokens were abused and used to submit artifacts to Fulcio and Reko, core components of the Sigstore project. The Sigstore project is an ecosystem for signing/verifying software and is used by projects like Kubernetes and PyPI.
This latest Shai-Hulud attack is more dangerous than the previous TanStack breach. Previously, valid provenance attestations required hijacking the legitimate CI/CD pipeline. The attacker needed the real workflow to run, which is a significant effort. Now the malware generates Sigstore attestations directly from stolen OIDC tokens, without the pipeline at all. This is an attack on the root of supply chain security. Provenance verification no longer tells you what you think it tells you.
Unfortunately, short-lived OIDC tokens don’t solve everything. The real gap here is that "this package was built by the expected pipeline" became conflated with "this package is trustworthy." Closing that gap requires things like:
Verifying the build configuration hasn’t changed (not just that the build ran)
Checking commit signatures and authorship against expected maintainers
Detecting orphan commits from deleted forks
Pre-install script sandboxing
Consumer-side policy that doesn’t treat supply chain frameworks like SLSA as ground truth without considering the entire picture"
This example shows you just how important "trust but verify" is. That sort of thing worked for Ronald Regan. It should work for you as well.
Share this:
Email a link to a friend (Opens in new window)<br>Email
Print (Opens in new window)<br>Print
Share on Reddit (Opens in new window)<br>Reddit
Share on Tumblr (Opens in new window)<br>Tumblr
Share on LinkedIn (Opens in new window)<br>LinkedIn
Share on Pinterest (Opens in new window)<br>Pinterest
Share on Telegram (Opens in new window)<br>Telegram
Share on Facebook (Opens in new window)<br>Facebook
Share on WhatsApp (Opens in new window)<br>WhatsApp
Share on X (Opens in new window)
Like this:<br>Like Loading…
Related
This entry was posted on May 19, 2026 at 2:01 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.<br>You can leave a response, or trackback from your own site.
Leave a ReplyCancel reply
Powered by WordPress.com.
Discover more from The IT Nerd
Subscribe now to keep reading and get access to the full archive.
Type your email…
Subscribe
Continue reading
%d