Shai-Hulud Malware Breaches PyPI and npm: Lightning and Intercom-Client Packages Compromised in Major Supply Chain Attack

The open-source ecosystem has once again been shaken by a sophisticated supply chain attack. The Python package Lightning and the npm package intercom-client were infected with a new variant of the Shai-Hulud malware, a notorious infostealer that continues to evolve. This variant demonstrates a dangerous transformation capability—switching execution from Python to JavaScript—while deploying the same credential-stealing logic observed in previous Shai-Hulud campaigns. The incident underscores the growing fragility of trusted developer ecosystems and the urgent need for proactive defense strategies.

Who is Affected

The scope of this compromise is significant:

  • Lightning (PyPI) → Versions 2.6.2 and 2.6.3 are affected.
  • Intercom-client (npm) → Version 7.0.4 is affected.

  Package name             Affected versions   Fixed versions
  lightning (PyPI)         2.6.2, 2.6.3        <=2.6.1
  intercom-client (npm)    7.0.4               <=7.0.3

Given Lightning’s 8.3M monthly downloads and intercom-client’s 1.3M monthly downloads, the potential exposure is massive. Developers who installed these versions must assume compromise of their environments, tokens, and API keys.

Impact of the Attack

The attack’s ripple effect is evident in the surge of compromised repositories. Public GitHub repositories containing stolen credentials rose from 1,200 to 1,800 between the SAP incident and the Lightning compromise. This escalation highlights how attackers are leveraging supply chain vectors to scale credential theft across ecosystems.

The malware’s ability to exploit npm tokens, GitHub Actions secrets, and environment variables means that not only individual developers but also organizations relying on CI/CD pipelines are at risk. The compromise of trusted packages translates directly into compromised infrastructure.

Recommended Actions

Security teams and developers should act immediately:

  • Rotate all keys and enforce 2FA across accounts.
  • Search GitHub repositories for “Shai-Hulud”-related strings.
  • Downgrade Lightning to version 2.6.1 or below.
  • Treat all machines and tokens as compromised—reset environments and revoke credentials.

These steps are critical to containing the damage and preventing further exploitation.
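As an added example (not code from the article, OX Security, or either project), the following Python audit checks `pip freeze` output and a `package-lock.json` against the affected versions listed above, so a team can confirm whether a host or build pulled in a compromised release. The two dependency files are constructed samples.

```python
import json
import re

# Affected versions as stated in the article (package name -> versions).
AFFECTED = {
    "lightning": {"2.6.2", "2.6.3"},
    "intercom-client": {"7.0.4"},
}


def parse_pip_freeze(text):
    """Return {normalized_name: version} from `pip freeze` output."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.\-]+)==([^\s;]+)", line)
        if m:
            # PEP 503 normalization: case-fold, collapse runs of -_. to "-"
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
            found[name] = m.group(2)
    return found


def parse_package_lock(text):
    """Return {name: version} from a lockfileVersion 2/3 package-lock.json."""
    found = {}
    for path, meta in json.loads(text).get("packages", {}).items():
        if path == "":
            continue  # the root project entry, not a dependency
        # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
        found[path.rsplit("node_modules/", 1)[-1]] = meta.get("version", "")
    return found


def find_affected(installed):
    """Return sorted (name, version) pairs whose version is in AFFECTED."""
    return sorted((n, v) for n, v in installed.items()
                  if v in AFFECTED.get(n, set()))


# Constructed sample inputs: one hit in each ecosystem.
PIP_FREEZE = "Lightning==2.6.3\nrequests==2.32.3\ntorch==2.4.1\n"
PACKAGE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "version": "1.0.0"},
        "node_modules/intercom-client": {"version": "7.0.4"},
    },
})

if __name__ == "__main__":
    hits = find_affected(parse_pip_freeze(PIP_FREEZE))
    hits += find_affected(parse_package_lock(PACKAGE_LOCK))
    for name, ver in hits:
        print(f"AFFECTED: {name} {ver} - rotate tokens, rebuild the host")
```

Any hit means the host's tokens and environment variables should be treated as compromised, as the list above recommends.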

Infection Analysis

OX Security identified over 1,800 repositories created by attackers containing stolen developer credentials. These repositories often include the phrase “A Mini Shai-Hulud has Appeared” in their descriptions, serving as a marker of exfiltrated data.

The malware exfiltrates secrets in bulk to an obfuscated endpoint: https://zero[.]masscan[.]cloud:443/v1/telemetry

This endpoint acts as the central collection hub for stolen tokens, GitHub Actions data, and npm package metadata.
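An added detection example (not code from the article or any vendor): it flags outbound requests to the collection endpoint above in proxy log lines and checks repository descriptions for the marker phrase. The log lines are constructed, and their field order is an assumption made for this example rather than any product's format.

```python
import re
from urllib.parse import urlsplit

# Indicators quoted in the article (host kept defanged, refanged for matching).
EXFIL_HOST = "zero[.]masscan[.]cloud".replace("[.]", ".")
EXFIL_PATH = "/v1/telemetry"
REPO_MARKER = "A Mini Shai-Hulud has Appeared"

# Constructed proxy log lines; the field order "ts client method url status bytes"
# is an assumption for this example, not any particular product's format.
PROXY_LOG = """\
2025-01-01T10:00:01Z 10.0.5.12 POST https://zero.masscan.cloud:443/v1/telemetry 200 102400
2025-01-01T10:00:02Z 10.0.5.12 GET https://registry.npmjs.org/intercom-client 200 5120
2025-01-01T10:00:03Z 10.0.5.40 POST https://ZERO.masscan.cloud/v1/telemetry 200 99871
2025-01-01T10:00:04Z 10.0.5.77 GET https://api.github.com/user/repos 200 2048
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")


def match_exfil(line):
    """Return (timestamp, client, bytes_sent) for a request to the collection
    endpoint, else None. Host compare is case-insensitive and ignores :443."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, _method, url, _status, size = m.groups()
    parts = urlsplit(url)  # .hostname lower-cases and drops the port
    if parts.hostname == EXFIL_HOST and parts.path == EXFIL_PATH:
        return ts, client, int(size)
    return None


def scan_proxy_log(text):
    """Summarise which internal clients posted to the endpoint and how much.
    Batches near 100 KB match the flush size described in the article."""
    hits = [h for h in map(match_exfil, text.splitlines()) if h]
    return {
        "clients": sorted({client for _, client, _ in hits}),
        "bytes_out": sum(size for _, _, size in hits),
    }


def is_marker_repo(description):
    """True if a GitHub repo description carries the exfil-repo marker phrase."""
    return bool(description) and REPO_MARKER.lower() in description.lower()


if __name__ == "__main__":
    print(scan_proxy_log(PROXY_LOG))
```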

Technical Analysis

The Shai-Hulud variant is not a simple beacon—it is a Node/Bun-based supply chain tool with advanced capabilities:

  • Secret Collection → Scans for npm tokens (npm_…) and GitHub tokens (ghp_, gho_, ghs_…).
  • Exfiltration → Buffers results and flushes them in batches (~100 KB) to attacker infrastructure.
  • npm Exploitation → Uses valid npm tokens to enumerate packages, patch tarballs, and republish trojanized artifacts.
  • GitHub Exploitation → Harvests GitHub Actions secrets, validates scopes, and pushes attacker-controlled files into repositories.

This multi-channel exfiltration strategy ensures attackers gain both immediate credential access and long-term persistence in developer environments.

Conclusion

The Shai-Hulud malware family continues to evolve, targeting high-value ecosystems like PyPI and npm. Its ability to hijack developer workflows, steal credentials, and republish malicious packages makes it one of the most dangerous supply chain threats today. For defenders, the lesson is clear: trust must be continuously verified. Package managers must strengthen detection mechanisms, and organizations must adopt zero-trust principles in their CI/CD pipelines.

The Shai-Hulud incident involving Lightning and intercom-client is a stark reminder of how fragile the open-source ecosystem has become. What makes this case particularly alarming is not just the scale of downloads but the sophistication of the malware. By transforming execution from Python to JavaScript, Shai-Hulud demonstrates adaptability that makes traditional detection methods less effective. This is not a static threat—it is a living, evolving adversary.

From a strategic perspective, the attack highlights the imbalance between attacker innovation and defender preparedness. Developers rely heavily on package managers like PyPI and npm, yet these platforms remain vulnerable to malicious uploads. The burden of defense often falls on individual developers and organizations, who may lack the resources to continuously audit dependencies.

In our view, this incident should catalyze a shift toward mandatory package signing, automated dependency scanning, and ecosystem-wide threat intelligence sharing. Without these measures, attackers will continue to exploit trust at scale. The rise in compromised GitHub repositories is evidence of systemic risk, not isolated incidents. Ultimately, Shai-Hulud is not just a malware family—it is a warning. The open-source community must recognize that supply chain security is no longer optional; it is foundational to the future of software development.