The Shai-Hulud Wave 3 campaign injected malicious code into 639 versions of 323 npm packages in under 60 minutes on May 19, 2026, targeting widely used data visualization libraries including the AntV ecosystem. Novel capabilities — forged Sigstore/SLSA attestations, IDE-layer backdoors in VS Code and Claude Code extensions, and a self-spreading worm using harvested npm tokens — mean that standard cleanup steps will leave environments compromised. Any developer machine or CI/CD pipeline that consumed affected packages during the window must be treated as fully breached until credential rotation and IDE remediation are confirmed.