In spring 2026, a self-replicating worm called Mini Shai-Hulud tore through the npm (Node Package Manager) and PyPI (Python Package Index) ecosystems, compromising roughly 170 packages across hundreds of malicious versions, with a historical download base exceeding 518 million, according to research from the Cloud Security Alliance.
In other words, the trust layer itself became part of the attack surface.
The attack was not just another dependency compromise. It abused trusted publishing and provenance controls designed to verify software integrity, and it planted persistence in AI coding-agent configuration files that could survive ordinary package cleanup . . .
Leave a Comment