THREAT OPS › Threat News › Mini Shai-Hulud: Where SLSA’s Boundaries Fall
Mini Shai-Hulud: Where SLSA’s Boundaries Fall
<p> </p> <div class="site-content"> <div class="content markdown main-content"> <p class="h3 post-author">By Andrew McNamara (Red Hat)</p> <p><em>This blog was originally published on the SLSA.dev website. The original post can be found <a href="https://slsa.dev/blog/2026/05/mini-shai-hulud-what-slsa-can-and-cannot-do">here</a></em></p> <p>On May 11, 2026, attackers compromised 84 npm package
MITRE ATT&CK techniques
Indicators of compromise
- https://slsa.dev/blog/2026/05/mini-shai-hulud-what-slsa-can-and-cannot-dourl
- https://slsa.dev/blog/2026/05/mini-shai-hulud-what-slsa-can-and-cannot-do#fn1url
- https://slsa.dev/spec/v1.2/build-requirements#isolatedurl
- https://slsa.dev/spec/v1.2/levelsurl
- https://slsa.dev/spec/v1.2/verifying-artifacts#forming-expectationsurl
- https://slsa.dev/spec/v1.2/threatsurl
- https://slsa.dev/spec/v1.2/threats#poison-the-build-cacheurl
- https://colocatedeventsna2025.sched.com/event/28D22/url
- https://colocatedeventseu2026.sched.com/event/2DY1G/url
- https://slsa.dev/spec/v1.2/source-requirementsurl
- https://slsa.dev/blog/2026/05/mini-shai-hulud-what-slsa-can-and-cannot-do#fn2url
- https://tanstack.com/blog/npm-supply-chain-compromise-postmortemurl
- https://snyk.io/blog/tanstack-npm-packages-compromised/url
- https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystemurl
- https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attackurl
- https://slsa.dev/blog/2026/05/mini-shai-hulud-what-slsa-can-and-cannot-do#fnref1url
- https://tanstack.com/blog/incident-followupurl
- https://slsa.dev/blog/2026/05/mini-shai-hulud-what-slsa-can-and-cannot-do#fnref2url
- s.w.orgdomain