TL;DR: In May 2026, the threat group TeamPCP ran three coordinated Mini Shai-Hulud waves through the npm registry: the TanStack compromise on May 11 (84 malicious versions across 42 packages in 6 minutes), the AntV mass attack on May 19 (300+ malicious versions across 323 packages in 22 minutes, with roughly 16 million weekly downloads in scope), and a typosquat wave on May 28 (14 malicious packages in 4 hours). The malware harvested credentials from more than 130 file paths covering AWS, GCP, Azure, Kubernetes, HashiCorp Vault, GitHub, and crypto wallets. For NC SMBs the takeaway is direct: if any vendor of yours writes or builds software, a poisoned npm package in their pipeline can leak your cloud keys.
Key takeaway: You do not have to run Node.js to be hit by an npm supply chain attack. If your web developer, ERP integrator, marketing automation partner, or M&A target uses npm, their compromise is your data-loss event.
Worried about what your software vendors are pulling into your environment? Preferred Data Corporation runs third-party software risk reviews and CI/CD hardening assessments for NC small businesses. Call (336) 886-3282 or request a vendor risk review.
What is the Mini Shai-Hulud npm attack?
Mini Shai-Hulud is a family of self-replicating npm supply chain attacks attributed to the threat group TeamPCP, named after the larger Shai-Hulud worm that hit npm in late 2025. The "mini" version, documented by Microsoft Threat Intelligence and Wiz Research, trojanizes legitimate npm packages with a post-install script that scans the developer's machine and CI/CD runner for cloud, source-control, and secret-manager credentials, then exfiltrates them to attacker infrastructure.
Three things make Mini Shai-Hulud different from the noise of typical npm typosquats:
- Speed and scale. The May 19 AntV wave pushed 300+ malicious versions across 323 packages in 22 minutes, according to Snyk research.
- Trust signals abused. The May 11 TanStack wave was, per the TanStack postmortem, the first npm attack to ship with valid SLSA provenance, the very signal defenders use to verify build integrity.
- CI/CD targeting. The payload is engineered for build pipelines and developer machines, not end-user browsers, so detection lags behind classic malware patterns.
What happened in May 2026 - three waves in three weeks?
May 2026 saw three back-to-back Mini Shai-Hulud waves, each refining the technique. Across all three waves, The Hacker News reporting and StepSecurity analysis confirm the same alias (vpmdhaj) and the same exfiltration logic.
| Wave | Date | Vector | Packages | Versions | Weekly downloads at risk | Time to push |
|---|---|---|---|---|---|---|
| Wave 1: TanStack | May 11, 2026 | Maintainer account takeover | 42 | 84 | Millions (router, query libraries) | 6 minutes |
| Wave 2: AntV | May 19, 2026 | Maintainer account takeover | 323 | 300+ | ~16 million | 22 minutes |
| Wave 3: Typosquats | May 28, 2026 | Lookalike package names | 14 | 14 | Targeted developers | 4 hours |
The AntV wave was especially damaging because echarts-for-react, with more than 1 million weekly downloads, was hit through the dependency cascade, even though it was not directly trojanized. That is the supply chain effect: one compromised dependency contaminates every project that pulls it in.
Quotable definition: A software supply chain attack is a breach that compromises a legitimate piece of software, a build tool, or an open-source dependency upstream of the victim, so that the victim is harmed simply by installing or updating something they already trusted.
How does a poisoned npm package affect my small business?
The blast radius is wider than most NC business owners expect, because the credentials harvested by Mini Shai-Hulud are exactly the ones that protect your cloud, your data, and your customer trust. Per Microsoft's typosquat advisory, the malware scans 130+ file paths and environment variables for:
- Cloud provider keys: AWS access keys, GCP service account files, Azure CLI tokens.
- Source control: GitHub Personal Access Tokens and OAuth tokens.
- Secret managers: HashiCorp Vault tokens, kubeconfig files.
- Crypto wallets: Local wallet files and seed phrases.
A typical NC small business does not run Node.js builds in-house. But almost every NC SMB has at least one vendor relationship that does:
- A web developer building or maintaining the company website.
- An ERP integrator or middleware partner writing Node.js connectors against your accounting or manufacturing system.
- A marketing automation contractor building HubSpot, Klaviyo, or Shopify integrations.
- An M&A target whose codebase you inherit at closing.
If any of those parties installs a poisoned package while holding YOUR AWS keys, GitHub deploy tokens, or Vault credentials on their laptop or CI runner, those secrets are now on the attackers' servers. That is the conversion path from "open source bug" to "your S3 bucket is on a leak site."
Who is at risk and what is the SMB exposure?
Any NC SMB that gives a third-party vendor production credentials, deploy tokens, or write access to a cloud account is exposed. The risk concentrates around manufacturers, professional services firms, and family businesses in the Piedmont Triad, Charlotte, Greensboro, Raleigh, and Winston-Salem markets that have lean internal IT and rely on outside developers.
The exposure stacks across three layers:
- Direct cloud loss. A leaked AWS access key can be used to spin up cryptominers, exfiltrate S3 data, or destroy backups before you see the bill.
- Source control takeover. A leaked GitHub token lets the attacker push code, alter CI workflows, or plant their own supply chain backdoor in your repos.
- Vault and Kubernetes escalation. Per Microsoft's AntV writeup, HashiCorp Vault tokens and kubeconfig files are top targets, which means a single contractor laptop can unlock a customer's entire orchestration plane.
For a small Triad manufacturer that hired a one-person shop in 2023 to build a customer portal, the chain is short and unforgiving: contractor installs a poisoned dependency, contractor's CI runner has the manufacturer's AWS deploy key, attacker exfiltrates the key, attacker drops ransomware in the production environment. None of that requires the manufacturer to do anything wrong.
Need a vendor risk review across your software contractors? Call (336) 886-3282 or contact Preferred Data Corporation for a same-week third-party software risk assessment.
What should an NC small business do this month?
Treat Mini Shai-Hulud as the trigger to put a real vendor and CI/CD discipline in place. Six action items, in priority order, will move an NC SMB from "exposed" to "defensible."
- Inventory which vendors touch your code or cloud. Web developers, ERP integrators, marketing contractors, SaaS implementers. Note who holds AWS, Azure, GCP, or GitHub credentials.
- Rotate any credentials shared with a vendor in the last 90 days. Use short-lived, scoped credentials going forward. Long-lived AWS access keys are the highest-risk item.
- Require an SBOM and CI/CD attestation from any vendor shipping code to you. Per Snyk's Mini Shai-Hulud writeup, pinning dependency versions and reviewing lockfile diffs would have blocked most installs.
- Move secrets out of
.envfiles and CI environment variables. Use a managed secrets service (AWS Secrets Manager, HashiCorp Vault) with audit logging and time-bound access tokens. - Add anomaly alerting on cloud accounts. Flag new IAM users, unusual API regions, and high-cost service launches within minutes, not days.
- Bake software supply chain language into vendor contracts. Incident notification windows (24-72 hours), right-to-audit, and breach-cost responsibility.
This is exactly the playbook PDC delivers through managed cybersecurity and our software development practice, which controls its own supply chain so customers do not inherit ours.
Why is software supply chain a managed problem, not a one-time fix?
Because npm publishes more than 4,500 new package versions every day, and attackers iterate faster than any single SMB can. The TanStack maintainers, with deep open-source expertise, were compromised through a token-reuse attack and still pushed valid SLSA provenance for the malicious release, per their postmortem. If a top-tier upstream maintainer can be fooled, your one-person contractor will be too.
Three structural realities make this a managed problem for NC SMBs:
- You cannot read every dependency. Modern web apps pull in thousands of transitive packages. The job is to monitor and contain, not to audit by hand.
- Speed of disclosure. The AntV malicious packages were live in the registry for hours before takedown. A 24/7 monitored cloud account is what catches a stolen-key event in the same hour, not the next quarter.
- M&A blind spot. When you buy or merge with another small business, you inherit their npm history, their vendor list, and their secrets discipline. PDC's M&A advisory practice treats third-party software risk as a standard diligence checklist item, because it now belongs there.
Preferred Data Corporation has served North Carolina small businesses from our High Point headquarters since 1987, and we provide on-site response within 200 miles, covering the Piedmont Triad, Charlotte, Greensboro, Raleigh, and Winston-Salem. Because we build and maintain the PDC Software Suite ourselves, we control our own software supply chain end to end, and we apply the same discipline when we review your vendors.
Ready to put a real vendor and CI/CD program in place? Call (336) 886-3282 or contact PDC. On-site within 200 miles of High Point.
Frequently Asked Questions
Is Mini Shai-Hulud still active in npm?
Yes. Three waves landed inside May 2026 alone (May 11 TanStack, May 19 AntV, May 28 typosquats) per Wiz, Microsoft, and The Hacker News. The same alias (vpmdhaj) and the same TeamPCP infrastructure recur across waves, which strongly suggests more pushes will follow. Treat it as an ongoing campaign, not a single event.
We do not use Node.js. Are we still exposed?
Almost certainly yes, indirectly. Your website, your portal, your marketing automation, and your SaaS integrations are very likely built or maintained by someone who does. If that vendor holds your cloud credentials, GitHub tokens, or Vault keys, their compromise becomes your loss. The exposure is via the vendor relationship, not the technology stack.
How would we even know if a vendor was compromised?
Three observable signals: anomalous activity in your cloud account (new IAM users, unusual regions, surprise spend), GitHub or source-control audit log entries from unfamiliar IPs, and notification from the vendor themselves under contract. The first two require monitoring you control; the third requires contractual language with notification windows. A managed cybersecurity partner sets up all three.
What about typosquats - are these only on npm?
The May 2026 campaign was npm-specific, but the same technique recurs across PyPI (Python), RubyGems, NuGet (.NET), and even Visual Studio Code extensions. The defense is universal: pinned dependency versions, lockfile review on every build, and a managed secrets posture so leaked credentials are short-lived and scoped.
Will cyber insurance cover a third-party supply chain breach?
Coverage varies, and 2026 underwriters increasingly ask about software supply chain controls (SBOMs, dependency scanning, third-party risk programs) at renewal. A breach that traces back to a vendor with no contract, no notification clause, and no insurance can leave you holding the cost. Document your vendor risk program now and it becomes both a defense and a claim-support artifact.
How does this affect M&A due diligence in NC?
It changes it. Buying a small business now means inheriting their dependencies, their vendor list, and their secrets hygiene. PDC's M&A advisory practice reviews the target's software supply chain (SBOM, contractor list, credential rotation history, CI/CD architecture) as part of standard IT diligence, so post-close surprises stay out of your purchase price.
What makes PDC different on software supply chain?
We control our own. The PDC Software Suite is built, tested, and maintained by PDC engineers, not assembled from third-party npm packages and shipped without review. When we tell an NC manufacturer how to manage vendor risk, it is the same discipline we apply to ourselves, which is the difference between consulting and accountable delivery.
Related Resources
- Managed Cybersecurity Services for NC Businesses - 24/7 monitoring, secrets discipline, vendor risk
- Custom Software Development and PDC Software Suite - Controlled supply chain, built in High Point
- Managed IT Services for NC Businesses - Cloud, identity, and CI/CD governance
- M&A IT Due Diligence Services - Inherit fewer surprises at closing
- FortiClient EMS CVE-2026-35616: Fake Patch Hits NC SMBs - Vendor-disguised malware defense
- Contact Preferred Data Corporation - Same-week vendor risk and CI/CD review