ctipilot.ch

Datadog Shai-Hulud open-source static analysis framework for CI/CD pipeline security

tool · datadog-shai-hulud-framework-2026-05

Coverage timeline: 1 (first 2026-05-15 → last 2026-05-15)
Briefs: 1 (1 distinct)
Sources cited: 9 (7 hosts)
Sections touched: 1 (updates)
Co-occurring entities: 7 (see Related entities below)

Story timeline

  1. 2026-05-15 · CTI Daily Brief — 2026-05-15
    (updates) Update to TeamPCP/supply-chain coverage (2026-05-13): Datadog Security Labs published a static analysis of the leaked TeamPCP "Shai-Hulud" framework source, a toolkit that automates GitHub Actions pwn-request exploitation and the theft of OIDC tokens and GITHUB_TOKEN values.

Where this entity is cited

  • updates: 1

Source distribution

  • isc.sans.edu: 2 (22%)
  • thehackernews.com: 2 (22%)
  • securitylabs.datadoghq.com: 1 (11%)
  • attack.mitre.org: 1 (11%)
  • checkmarx.com: 1 (11%)
  • ox.security: 1 (11%)
  • wiz.io: 1 (11%)

Related entities

Items in briefs about Datadog Shai-Hulud open-source static analysis framework for CI/CD pipeline security (2)

Datadog Security Labs — Shai-Hulud framework static analysis

From CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026) · published 2026-05-17

Datadog Security Labs published a static analysis of the leaked Shai-Hulud framework source on 2026-05-13 (covered in the daily brief of 2026-05-15). The daily had room only for the high-level capability summary; the cross-finding point worth surfacing here is that this is the first publicly available reverse-engineering of an active npm supply-chain operator's complete toolkit, comparable in defender value to what the leaked Conti chats provided in 2022 for ransomware-affiliate intelligence. Detection-engineering teams now have a behavioural (non-IOC) reference for the entire TeamPCP toolchain: IDE-persistence hook patterns, OIDC token extraction from /proc/<pid>/mem, Sigstore provenance forgery primitives, and GitHub Actions dead-drop conventions. Datadog's post-leak ecosystem-monitoring methodology (matching commits, repository names and hook configurations against the leaked source) is portable to any organisation with developer-workstation file-integrity monitoring. The broader implication is that publication-provenance verification alone is no longer a sufficient supply-chain control: the toolkit harvests the OIDC tokens that keyless signing and provenance attestations are built on, so a valid attestation can be produced from a compromised pipeline (Datadog Security Labs).

UPDATE: Datadog Security Labs analyzes leaked TeamPCP "Shai-Hulud" offensive framework source code

From CTI Daily Brief — 2026-05-15 · published 2026-05-15

UPDATE (2026-05-13; follows TeamPCP coverage of 2026-05-13): Datadog Security Labs published an analysis of the TeamPCP "Shai-Hulud" offensive worm source on 2026-05-13, after the complete framework was briefly accessible as a public GitHub repository on 2026-05-12 before the account was removed (Datadog Security Labs, 2026-05-13). The brief exposure gave researchers direct visibility into the worm's internal architecture. It is a TypeScript/Bun toolkit that automates GitHub Actions pwn-request exploitation: it targets pull_request_target workflows that check out the untrusted pull-request head and then execute it (unlike pull_request, pull_request_target runs with the base repository's GITHUB_TOKEN, secrets and OIDC identity), harvests OIDC tokens and GITHUB_TOKEN values from the runner, and propagates across npm packages with the stolen credentials. The automation is fully self-contained; victim-repository selection is not manually guided, consistent with the worm-class spread observed in the original TanStack campaign. The leaked code also exposes the key workflow-level primitive: substitution of `${{ github.event.pull_request.head.sha }}` (the attacker's commit) into the checkout or run steps of a privileged workflow, so that any later step which installs or tests repository content runs attacker code. Defenders should not execute the leaked code. The architectural disclosure sharpens defensive priorities: audit every pull_request_target trigger whose job contains a checkout step (especially one whose `ref:` or `repository:` is set from the PR head), restrict `permissions:` and OIDC token scopes to what each job needs, and never interpolate contributor-controlled event fields (title, body, branch name) directly into `run:` scripts; pass them through environment variables instead. MITRE ATT&CK: T1195.002 (Compromise Software Supply Chain), T1552.001 (Credentials In Files), T1059.004 (Unix Shell).
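The pull_request_target audit recommended in the two items above, as an added example that is not part of the original briefs and is neither Datadog's nor the leaked framework's code: a stdlib-only Python scanner for the two workflow patterns the analysis describes, a checkout of the PR head inside a pull_request_target job and direct interpolation of contributor-controlled event fields into `run:` steps. The two workflow snippets embedded in it are constructed for illustration (one vulnerable, one hardened); the regexes are a heuristic that assumes conventionally indented workflow YAML rather than a full parser, and the function and constant names are this example's own.

```python
"""Heuristic pwn-request scanner for GitHub Actions workflows (stdlib only).

Added example, not from the original brief and not Datadog's or the leaked
framework's code. Flags, in workflows triggered by pull_request_target:
  * actions/checkout steps whose ref/repository is the PR head, so later steps
    that execute repository content run attacker code with the base repo's
    GITHUB_TOKEN, secrets and OIDC identity; and
  * run: steps that expand contributor-controlled event fields into shell code.
Regex-based so it needs no YAML library; assumes conventionally indented YAML.
"""
from __future__ import annotations
import re

# pull_request_target as "pull_request_target:", "- pull_request_target",
# "on: pull_request_target" or inside an inline list "on: [push, pull_request_target]".
PRT_LINE = re.compile(r"^(?:on:)?[ \t]*-?[ \t]*pull_request_target[ \t]*:?[ \t]*(?:#.*)?$", re.M)
PRT_INLINE_LIST = re.compile(r"^on:[ \t]*\[[^\]]*\bpull_request_target\b", re.M)

# ref:/repository: values that make actions/checkout fetch the PR head, not the base.
HEAD_CHECKOUT = re.compile(
    r"github\.(?:event\.pull_request\.head\.(?:sha|ref|repo\.full_name)|head_ref)\b")

# Contributor-controlled strings that become shell code when expanded inside run:.
# head.sha is deliberately absent: it is a hex digest, dangerous via checkout, not injection.
INJECTABLE = re.compile(
    r"\$\{\{[^}]*github\.(?:event\.pull_request\."
    r"(?:title|body|head\.ref|head\.label|head\.repo\.[\w.]+|user\.login)|head_ref)\b")

# A step begins at "- <key>:" with one of the usual first keys of a step mapping.
STEP_START = re.compile(r"^[ \t]*-[ \t]+(?:name|uses|run|id|with|env|if):", re.M)


def uses_pull_request_target(text: str) -> bool:
    return bool(PRT_LINE.search(text) or PRT_INLINE_LIST.search(text))


def split_steps(text: str) -> list[str]:
    """Return the text of each step mapping, in document order."""
    starts = [m.start() for m in STEP_START.finditer(text)]
    return [text[s:e] for s, e in zip(starts, starts[1:] + [len(text)])]


def key_value(step: str, key: str) -> str | None:
    """Scalar value of `key:` in a step; block scalars (| or >) are joined with newlines."""
    m = re.search(rf"^([ \t]*)(?:-[ \t]+)?{key}:[ \t]*(.*)$", step, re.M)
    if not m:
        return None
    indent, first = len(m.group(1)), m.group(2).strip()
    if not first.startswith(("|", ">")):
        return first
    lines = []
    for line in step[m.end():].split("\n")[1:]:        # continuation lines only
        if not line.strip():
            continue
        if len(line) - len(line.lstrip()) <= indent:   # dedented: block scalar ended
            break
        lines.append(line.strip())
    return "\n".join(lines)


def scan(workflow_text: str) -> list[dict]:
    """Return findings as {"kind", "step", "detail"}; an empty list means nothing flagged."""
    findings: list[dict] = []
    if not uses_pull_request_target(workflow_text):
        return findings  # only the privileged trigger is in scope for this heuristic
    for i, step in enumerate(split_steps(workflow_text)):
        if (key_value(step, "uses") or "").startswith("actions/checkout"):
            for key in ("ref", "repository"):
                val = key_value(step, key) or ""
                if HEAD_CHECKOUT.search(val):
                    findings.append({"kind": "unsafe_checkout", "step": i, "detail": f"{key}: {val}"})
                    break
        run = key_value(step, "run")
        if run and (m := INJECTABLE.search(run)):
            findings.append({"kind": "expression_injection", "step": i, "detail": m.group(0)})
    return findings


# Constructed sample: the shape of workflow the leaked framework automates against.
VULNERABLE_WORKFLOW = """\
name: pr-check
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Install and test
        run: |
          npm ci
          npm test
      - name: Greet
        run: echo "Checking ${{ github.event.pull_request.title }}"
"""

# Constructed sample: same trigger, base branch checked out, untrusted field passed via env.
HARDENED_WORKFLOW = """\
name: pr-check
on:
  pull_request_target:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # base branch only: trusted code
      - name: Greet
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Checking $PR_TITLE"
"""

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, scan(wf))
```

Run against the vulnerable sample it reports the head-sha checkout in step 0 and the title interpolation in step 2; the hardened sample, which keeps the same privileged trigger but checks out only the base branch and passes the title through `env:`, produces no findings. A sweep over a repository's `.github/workflows/*.yml` is a loop over `scan(open(path).read())`; anything it flags deserves a manual look at which later steps execute repository content and what `permissions:` the job holds.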