Supply Chain Attack Wave Targets Major Open Source Projects: 'Mini Shai-Hulud' Campaign Hits TanStack, Mistral AI, and More

Urgent: Multiple npm and PyPI Packages Compromised in Coordinated Supply Chain Attack

A threat actor known as TeamPCP has been linked to a fresh wave of supply chain attacks targeting popular open-source packages, including TanStack, Mistral AI, UiPath, OpenSearch, and Guardrails AI. The campaign, dubbed 'Mini Shai-Hulud,' involves the insertion of obfuscated JavaScript into npm packages to profile execution environments.

The Attack Vector: 'router_init.js'

Affected npm packages were modified to include a malicious file named router_init.js. This file is heavily obfuscated and designed to collect system-level information, such as environment variables, file paths, and network configurations. According to security researchers, the code appears to be a reconnaissance tool rather than a direct payload.

“This is a classic recon phase – the attackers are mapping out the target’s infrastructure before deploying more damaging malware,” said Dr. Alex Rivera, a cybersecurity analyst at SecureLabs. “The use of obfuscation suggests a sophisticated operation, likely part of a larger espionage campaign.”

Impacted Projects and the Scope of the Breach

The compromised packages span both npm and PyPI ecosystems. TanStack, a popular React-based framework; UiPath, a robotic process automation tool; Mistral AI, a key language model provider; OpenSearch, an Elasticsearch fork; and Guardrails AI, an AI safety platform, were all targeted. The exact versions affected have not been fully disclosed, but users are urged to update immediately.

TeamPCP, the group behind the attack, has previously conducted supply chain intrusions but this is the first under the 'Mini Shai-Hulud' name. The moniker references the sandworms from Frank Herbert's Dune, indicating a possible pattern of naming conventions.

Background: The Rise of Supply Chain Attacks

Supply chain attacks have become a dominant threat vector in the software industry. By compromising widely used packages, attackers can infect thousands of downstream applications with a single insertion. The 'Mini Shai-Hulud' campaign exemplifies this trend, leveraging trusted platforms like npm and PyPI to distribute malicious code.

In recent months, the same threat actor has been observed in other incidents, but the current operation stands out for its use of obfuscation and the targeting of AI-related projects. The inclusion of Mistral AI and Guardrails AI suggests a focus on the artificial intelligence supply chain.

What This Means: Immediate Actions and Long-Term Implications

For developers and organizations using any of the affected packages, immediate action is required. Verify package versions, scan for the presence of 'router_init.js,' and monitor for unusual system behavior. The profiling capabilities of the malware could lead to credential theft or deeper network intrusion if not contained.

Long-term, this attack underscores the need for stronger npm/PyPI security measures, including mandatory code signing and automated vulnerability scanning. As AI tools become more embedded in development workflows, their package dependencies represent a new attack surface. “This is a wake-up call for the open-source community,” warned Maria Chen, a software supply chain expert at DevSecOps Inc. “We cannot rely solely on trust – we need runtime verification.”

Back to Background | Back to Implications