Blockchain security firm SlowMist has uncovered a sophisticated npm worm, dubbed "Mini Shai-Hulud," that is infiltrating prominent developer projects such as TanStack, UiPath, and DraftLab. The worm exploits compromised GitHub credentials to publish malicious packages, embedding a script named router_init.js that executes in CI/CD environments like GitHub Actions. This script is designed to steal CI/CD secrets, cloud infrastructure credentials, and cryptocurrency wallet information. SlowMist has issued a warning to developers using the affected packages to scan their CI/CD pipelines for the presence of router_init.js, rotate all exposed credentials, and monitor for unusual activity. The firm has also shared threat intelligence with its clients to mitigate the impact of this attack.