A self-propagating malware called Shai-Hulud has infected over 500 npm packages, including one with over two million weekly downloads. The worm steals sensitive data, exposes private repositories, and hijacks victim credentials to spread further. It executes when an infected package is installed, collecting system information and GitHub tokens. The malware exfiltrates secrets from repositories, migrates private repositories to public, and self-replicates by infecting the victim's most downloaded packages. Notable infected libraries include those from CrowdStrike. The infection started with ngx-bootstrap version 18.1.4. Prevention measures include using specialized solutions for monitoring open-source components and implementing comprehensive security systems.