Skip to main content
Emerging ThreatsMalware & Ransomware

Shai-Hulud worm infects another npm package

Developer workstation in shared office with laptop and large monitor displaying signs of GitHub Actions shared-cache…

TanStack is weighing invitation-only pull requests after the Shai-Hulud worm exploited a GitHub Actions misconfiguration to poison a shared cache, and a copycat variant has now infected yet another npm package.

The Shai-Hulud copycat infection

The short bulletin that surfaced on The Register reports a repeat of a troubling pattern: a copycat of the Shai-Hulud worm has infected "yet another npm package." The brief account ties that infection to the same class of supply-chain manipulation that prompted TanStack to reconsider how it accepts outside code contributions.

GitHub Actions shared-cache poisoning as the attack vector

The Register item states bluntly that the worm "exploited a GitHub Actions misconfiguration to poison [a] shared cache." That phrase locates the technical mechanism: an automation workflow configuration on GitHub Actions was abused to introduce tainted artifacts into a cache shared by builds or workflows, and the poisoned cache subsequently carried malicious code into an npm package.

The report does not elaborate further on the precise misconfiguration or the payload delivered, but it makes clear that the attack used CI/CD automation and shared caches as a stepping stone to contaminate packages published to npm.

TanStack's response: invitation‑only pull requests

One concrete consequence named in the report is TanStack's deliberation over an unusually restrictive countermeasure: "invitation-only pull requests." The project is "weighing [the] nuclear option on unsolicited contributions" after the supply-chain attack, according to the same Register copy.

That phrasing captures two linked realities: maintainers face a real trade-off between keeping contribution channels open and reducing their attack surface, and at least one major JavaScript project is publicly considering sharply tighter gates on how outsiders may propose changes.

What this means for TanStack maintainers, enterprise security teams, and npm consumers

  • TanStack maintainers: The project is actively rethinking contribution policy by considering invitation-only pull requests — a direct administrative control intended to prevent unsolicited, potentially poisoned code from entering the project.
  • Enterprise security teams: The incident underscores that GitHub Actions misconfiguration and shared caches are exploitable in supply-chain attacks. Enterprises that consume npm packages and use CI/CD automation must account for tainted upstream artifacts as a practical risk vector.
  • npm consumers and downstream developers: The report shows that packages distributed via npm can be contaminated through CI/CD abuse; downstream users who rely on external packages will need to monitor for poisoned releases and may pressure maintainers to tighten contribution workflows.

A narrow, costly fix — and an open question

TanStack's contemplation of invitation-only pull requests illustrates the dilemma facing open-source maintainers after a CI/CD‑driven supply‑chain compromise: a more restrictive process reduces a specific attack surface but also erects a barrier to spontaneous external contributions. The Register's report labels the measure a "nuclear option," a phrase that signals both its severity and the absence of an easy middle ground described in the piece.

The incident described in the brief arrives in the form of a terse but pointed signal: automation misconfigurations can be weaponized to taint shared caches, and that contamination can propagate into widely distributed packages. The next concrete step — whether TanStack implements invitation-only PRs, or whether other projects follow — remains to be seen from the plain text of the report.

Read the original Register report