
Shai-Hulud worm strikes: six steps to secure your enterprise now

By Nova Stirling | 2026-05-13T20:50:58Z

Immediate actions against the Shai-Hulud worm

The worm has infected any development environment that installed one of the 84 malicious npm versions released since 11 May 2026, harvesting credentials from more than 100 locations, including AWS keys, SSH keys, npm tokens and AI agent configs. Security researchers warn that removal of the compromised package does not delete persistence files hidden in .claude and .vscode directories, nor the system daemon that survives reboots.

“It writes hooks that re‑execute on every project open,” says Peyton Kennedy of Endor Labs. The campaign, attributed to the TeamPCP group, leveraged a cache‑poisoning technique that bypassed OIDC scoped publishing controls. Reuters reported that the Shai-Hulud worm also crossed into PyPI, compromising the mistralai package.

Key mitigation steps include: pin OIDC publishing to a single workflow on a protected branch, enforce clean caches, audit optionalDependencies, isolate CI runners before revoking tokens, and search for persistence files such as router_init.js. Act now – a destructive daemon will erase home directories if tokens are revoked prematurely. Bloomberg notes the 12.7M weekly downloads of @tanstack/react-router amplify the threat’s reach.

Reported by: Nova Stirling
Aerospace & Space Tech Correspondent