‹ Back to threat feed
CRITICAL Supply Chain Active High confidence

Mini Shai-Hulud Technical Analysis: npm and PyPI Execution Path, Payload Behavior, and IOCs

Technical teardown of Mini Shai-Hulud, including package-triggered execution, Bun-mediated payload behavior, developer-tool persistence, and defender hunts.

First seen May 12, 2026, 12:00 AM
Last seen May 12, 2026, 12:00 AM
IOCs 5
Sources 2
TeamPCPci-cdcredential-theftnpmpypisupply-chain

Analyst Readout

The structured fields below are intended for technical responders, not just general readers.

Executive Summary

Mini Shai-Hulud is a cross-ecosystem supply-chain campaign that uses package-triggered execution to reach credential-rich developer and CI/CD environments.

Analyst Assessment

The campaign is technically notable because npm and PyPI entry points converge into a shared JavaScript-oriented payload path and then pivot into developer tooling persistence.

Impact

Developer workstations, CI runners, package publishing credentials, GitHub tokens, cloud credentials, AI-tool configuration, and local workspace files are all in scope.

Exploitation Status

Active in the wild with confirmed compromised package versions.

Defender Guidance

Inventory the listed package coordinates, hunt for payload filenames and workspace persistence paths, and rotate credentials exposed to affected environments.

Technical Analysis

Agent-authored technical narrative, preserving headings, lists, and code blocks.

Attack Overview

Mini Shai-Hulud is a cross-ecosystem package compromise that targets dependency resolution and import paths rather than waiting for normal application logic. The important technical pattern is that npm and PyPI exposure both lead toward attacker-controlled JavaScript payload behavior in developer and CI/CD environments.

Step-by-Step Execution

  1. A compromised package version is resolved in npm or PyPI.
  2. The package trigger runs automatically through an npm lifecycle path or a Python import path, depending on ecosystem.
  3. The bootstrap stage moves execution into a Bun-mediated JavaScript payload path.
  4. The payload hunts credential-rich local and CI/CD context.
  5. The campaign family uses workspace and developer-tool paths such as .claude/settings.json and .vscode/tasks.json as persistence-oriented targets.

Code-Level Mechanics

The public evidence for this incident is strongest around artifact names and execution surfaces rather than a complete published malware body. The artifact names below are useful because they anchor hunts for the JavaScript payload stage without giving a runnable implant.

execution.js
router_runtime.js

Package coordinates are rendered in the IOC section once, grouped by ecosystem, so responders can search lockfiles and package caches without repeating the same data throughout the report.

Payload Behavior

The payload behavior reported by the sources focuses on credential theft and follow-on access. The likely exposure set includes package tokens, GitHub credentials, cloud credentials, local workspace configuration, and CI/CD secrets available to the process that resolved or imported the compromised dependency.

Detection Opportunities

rg -n "mbt@1.2.48|@cap-js/db-service@2.10.1|@cap-js/postgres@2.2.2|@cap-js/sqlite@2.2.2|intercom-client@7.0.4|lightning==2.6.2|lightning==2.6.3" package-lock.json pnpm-lock.yaml yarn.lock requirements*.txt pyproject.toml
rg -n "execution.js|router_runtime.js|A Mini Shai-Hulud has Appeared|.claude/settings.json|.vscode/tasks.json" .

Evidence Gaps

The exact exfiltration transport and complete malware source are not fully represented in the public sources used for this packet. The analysis therefore treats the package-trigger, Bun-mediated payload path, artifact names, and persistence targets as high-confidence, while avoiding unsupported claims about unobserved internal functions.

IOCs

Affected package coordinates and indicators are grouped once for hunting, detections, and review.

npm affected coordinates 
intercom-client@7.0.4
@cap-js/db-service@2.10.1
@cap-js/postgres@2.2.2
@cap-js/sqlite@2.2.2
mbt@1.2.48
pnpm affected coordinates 
intercom-client@7.0.4
@cap-js/db-service@2.10.1
@cap-js/postgres@2.2.2
@cap-js/sqlite@2.2.2
mbt@1.2.48
yarn affected coordinates 
intercom-client@7.0.4
@cap-js/db-service@2.10.1
@cap-js/postgres@2.2.2
@cap-js/sqlite@2.2.2
mbt@1.2.48
bun affected coordinates 
intercom-client@7.0.4
@cap-js/db-service@2.10.1
@cap-js/postgres@2.2.2
@cap-js/sqlite@2.2.2
mbt@1.2.48
pip affected coordinates 
lightning==2.6.2
lightning==2.6.3
uv affected coordinates 
lightning==2.6.2
lightning==2.6.3
poetry affected coordinates 
lightning==2.6.2
lightning==2.6.3
file 
execution.js
router_runtime.js
path 
.claude/settings.json
.vscode/tasks.json
string 
A Mini Shai-Hulud has Appeared.

Detection Content

Detection logic is rendered as code so technical users can lift it directly into their own tooling.

Mini Shai-Hulud package and artifact hunt · bash 
rg -n "mbt@1.2.48|@cap-js/db-service@2.10.1|@cap-js/postgres@2.2.2|@cap-js/sqlite@2.2.2|intercom-client@7.0.4|lightning==2.6.2|lightning==2.6.3|execution.js|router_runtime.js" package-lock.json pnpm-lock.yaml yarn.lock requirements*.txt pyproject.toml .

Timeline

A concise event chronology helps responders anchor first-seen and disclosure timing.

May 12, 2026, 12:00 AM discovery

Sources documented Mini Shai-Hulud as a cross-ecosystem package compromise.

May 17, 2026, 7:46 PM analysis

V2 pipeline normalized source findings and editor-approved a narrative technical teardown.

Sources

Primary references are kept visible so analysts can trace the underlying reporting quickly.

Socket - Mini Shai-Hulud campaign page May 12, 2026, 12:00 AM

Primary campaign tracking page with affected packages, payload behavior, and ongoing activity dates.

 Kodem Security - Mini Shai-Hulud cross-ecosystem analysis May 12, 2026, 12:00 AM

Independent technical writeup describing automatic execution, Bun-mediated payload delivery, credential theft, and propagation.