{
  "title": "Mini Shai-Hulud Self-Propagating Software Supply Chain Worm",
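  "summary": "Mini Shai-Hulud is a self-propagating npm/PyPI supply-chain worm. JFrog's May 12 and May 19 updates add a broader count of 170+ npm and 2 PyPI packages, a 323-package @antv wave, and a related @cap-js/openapi 1.4.1 variant. The domains and urls indicator lists also contain vendor write-up and postmortem sites (www.endorlabs.com, www.microsoft.com, www.sentinelone.com, tanstack.com); treat those entries as references rather than indicators of compromise before loading the lists into blocking or detection rules.",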
  "date": "2026-05-23",
  "severity": "critical",
  "tags": [
    "npm",
    "pypi",
    "supply-chain",
    "worm",
    "teampcp",
    "slsa",
    "credentials-theft"
  ],
  "sources_count": 14,
  "indicators": {
    "slug": "mini-shai-hulud-worm",
    "since": "2026-04-20T00:00:00Z",
    "until": "2026-05-23T23:59:59Z",
    "ecosystem": "npm, pypi",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [
      "@tanstack/react-router",
      "@tanstack/vue-router",
      "@tanstack/solid-router",
      "@tanstack/react-start",
      "@tanstack/router-core",
      "@antv/g2",
      "@antv/g6",
      "@antv/x6",
      "@antv/l7",
      "@antv/s2",
      "@antv/f2",
      "echarts-for-react",
      "timeago.js",
      "size-sensor",
      "canvas-nest.js",
      "@sap/cds",
      "@sap/cds-dk",
      "opensearch-py",
      "lite-llm",
      "nx-console"
    ],
    "versions": [
      "@tanstack/react-router@1.169.5",
      "@tanstack/react-router@1.169.8",
      "@tanstack/vue-router@1.169.5",
      "@tanstack/vue-router@1.169.8",
      "@tanstack/solid-router@1.169.5",
      "@tanstack/solid-router@1.169.8",
      "@tanstack/react-start@1.167.68",
      "@tanstack/react-start@1.167.71",
      "@antv/g2@4.2.8",
      "@antv/g6@4.8.24",
      "nx-console@18.95.0",
      "@antv/* published 2026-05-19T01:39:00"
    ],
    "affectedVersions": [],
    "fixedVersions": [
      "nx-console@18.95.1"
    ],
    "files": [
      "router_init.js",
      "setup_bun.js",
      "bun_environment.js",
      "transformers.pyz",
      "gh-token-monitor"
    ],
    "paths": [],
    "services": [],
    "domains": [
      "filev2.getsession.org",
      "api.masscan.cloud",
      "git-tanstack.com",
      "t.m-kosche.com",
      "www.endorlabs.com",
      "www.microsoft.com",
      "www.sentinelone.com"
    ],
    "urls": [
      "https://filev2.getsession.org/upload",
      "https://api.masscan.cloud/ping",
      "https://www.endorlabs.com/blog/mini-shai-hulud-npm-worm-hits-sap-developer-packages",
      "https://tanstack.com/blog/postmortem-cve-2026-45321",
      "https://www.microsoft.com/en-us/security/blog/hunting-the-shai-hulud-supply-chain-worm",
      "https://www.sentinelone.com/blog/anatomy-of-cve-2026-45321"
    ],
    "ips": [],
    "hashes": [
      "ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c"
    ],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}