Major supply chain attack campaign targeting npm packages affecting over 25,000 repositories across approximately 350 unique users. The Shai-Hulud campaign involves malicious npm packages designed to expose and steal secrets from affected repositories. This represents a significant ongoing threat to the JavaScript/Node.js ecosystem with widespread impact across the development community. Organizations using npm packages should immediately audit their dependencies and scan for compromised packages. The scale of this attack demonstrates the critical vulnerability of supply chain dependencies in modern software development.