Supply Chain Attack "Mini Shai-Hulud" Targets SAP-Ecosystem npm Packages

📌 A supply chain attack self-named "Mini Shai-Hulud" compromised four SAP-ecosystem npm packages on April 29, 2026, targeting the @cap-js and mbt packages. The attack involved a Bun-based stealer malware embedded in the packages, as identified by Snyk, which issued live advisories. No CVE IDs were explicitly mentioned in the reported details. The impacted packages were part of the SAP development ecosystem, though the exact scope of affected systems or data exfiltration methods was not specified. The incident highlights risks in npm dependency chains within enterprise software environments.