Modified versions of the Shai-Hulud worm are actively targeting NPM developers following the recent leak of its source code on GitHub. Cybersecurity firm Ox Security has confirmed that at least one threat actor is using these adapted variants to carry out supply chain attacks just days after the original malware's blueprint became publicly available. This swift weaponization validates earlier warnings from researchers who anticipated immediate exploitation once the code was exposed. The original Shai-Hulud worm first surfaced in September 2025; with its source code now openly accessible, that sophisticated capability is available to a much broader set of malicious actors.

The rapid emergence and deployment of these new worm variants against the NPM developer community highlight an urgent threat to software supply chains. The incident underscores the amplified risk when advanced malware source code is exposed, because opportunistic actors can quickly adapt and deploy potent tools against vulnerable platforms. Practitioners must recognize that such leaks drastically accelerate the threat lifecycle, demanding immediate vigilance and robust supply chain security measures to counter evolving attacks.