The Shai-Hulud threat cluster has actively poisoned 23-plus npm packages across the LeoPlatform and RStreams ecosystems, the GitHub Actions workflow codfish/semantic-release-action, and the Go module verana-labs/verana-blockchain with Miasma malware. Any organization whose build pipelines consumed affected package versions published after June 24, 2026 should treat those environments and all downstream applications as compromised. Stolen credentials feed a self-amplifying loop that extends poisoning laterally across registries.