The Shai-Hulud campaign has evolved to compromise CI/CD pipelines without stolen credentials, injecting malicious build artifacts that carry valid SLSA provenance attestations. Confirmed affected namespaces include @tanstack/* (~12.7M weekly downloads), @redhat-cloud-services/* (32 packages), @bitwarden/cli, @opensearch-project/opensearch, @mistralai/mistralai, and @uipath/* (57 packages). The May 12, 2026 public release of Mini Shai-Hulud source code has lowered the barrier to replicate this attack against any npm or PyPI namespace.
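Because the injected artifacts carry valid SLSA provenance, a passing provenance check does not clear a dependency, so a first triage step is to inventory which installed packages fall under the namespaces listed above. The following is an added example, not code from the advisory or from any affected project: it flags matches by name only, since the text gives no affected version ranges, and the sample lockfile and its package names and versions are constructed.

```javascript
// Added example: patterns are the namespaces named in the text above.
// Entries ending in "/*" match a whole scope; others match one exact package.
const AFFECTED = [
  "@tanstack/*", "@redhat-cloud-services/*", "@uipath/*",
  "@bitwarden/cli", "@opensearch-project/opensearch", "@mistralai/mistralai",
];

function isAffected(name) {
  // Keep the trailing "/" so "@tanstack-lookalike/x" does not match "@tanstack/*".
  return AFFECTED.some((p) =>
    p.endsWith("/*") ? name.startsWith(p.slice(0, -1)) : name === p);
}

// lockfileVersion 2/3: keys of "packages" are install paths such as
// "node_modules/a/node_modules/@scope/b"; the name follows the last "node_modules/".
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || nameFromPath(path);
    if (name && isAffected(name)) hits.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1: nested "dependencies" tree keyed by package name.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (isAffected(name)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (package names and versions are placeholders).
const SAMPLE_LOCK = { packages: {
  "node_modules/@tanstack/example-pkg": { version: "0.0.0-sample" },
  "node_modules/example-unrelated": { version: "0.0.0-sample" },
  "node_modules/example-sdk/node_modules/@mistralai/mistralai": { version: "0.0.0-sample" },
  "node_modules/@tanstack-lookalike/core": { version: "0.0.0-sample" },
} };
console.log(findAffected(SAMPLE_LOCK));
```

A hit means the package needs review against the publisher's own advisory for affected versions; it is not by itself evidence of compromise. Transitive matches are reported with their full install path so the parent dependency that pulls them in is visible.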