Supply Chain Attack 'Mini Shai-Hulud' Hits SAP, Intercom Packages

A coordinated supply chain campaign compromised npm packages for SAP and Intercom, plus the PyPI lightning package.

A supply chain attack campaign calling itself Mini Shai-Hulud has compromised multiple widely used developer packages. The targets: SAP and Intercom npm packages, along with the Lightning package on PyPI.

Security researchers flagged the coordinated campaign as part of a broader wave of supply chain attacks targeting developer and security tools. The attackers infiltrated trusted package repositories — the kind developers pull from constantly without a second thought.

The naming choice is a nod to Dune's sandworms, but there's nothing fictional about the damage potential. Compromised packages in npm and PyPI can cascade through thousands of projects that depend on them, silently injecting malicious code into production environments.

The full scope of affected downstream projects remains unclear. Developers using these packages should audit their dependencies immediately.