The Python package Lightning was compromised on PyPI and two malicious versions, 2.6.2 and 2.6.3, were published on April 30, 2026, in what security researchers said was a credential theft campaign tied to the broader Mini Shai-Hulud supply chain incident.
KEY FACTS
- Versions affected: Lightning 2.6.2 and 2.6.3 were flagged as malicious.
- Behavior: The package ran a hidden runtime and an obfuscated JavaScript payload when imported.
- Impact: The malware targeted GitHub tokens, cloud credentials, SSH keys, .env files and other developer secrets.
- Status: PyPI quarantined the project, then removed the quarantine and deleted the bad releases.
A technical analysis by Socket said the malicious package contained a hidden _runtime directory with a downloader and obfuscated JavaScript payload. The execution chain started automatically when the Lightning module was imported, with no extra action required after installation.
The report said the attack used a Python script called start.py to download and run the Bun JavaScript runtime, then execute an 11 MB payload named router_runtime.js. Stolen GitHub tokens were checked against the GitHub user endpoint and could be used to push content into any repository the token holder could write to.
The disclosure also said the malware tried to spread further by modifying local npm packages with a postinstall hook, raising version numbers, and repacking tarballs. If a developer published the altered package, the malicious code could reach downstream users.
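The indicators described above (the affected version numbers, the hidden _runtime directory with start.py and router_runtime.js, and npm packages that have gained a postinstall hook) can be turned into a simple local check. The script below is an added example written for this article; it is not code from Socket's analysis or from the Lightning project. It assumes the standard dist-info METADATA layout for reading the installed version, and it assumes the _runtime directory sits somewhere under site-packages; the file names are the ones reported, but the exact paths inside the malicious wheel are not given here, so the scan matches by name rather than by path. The sample tree it builds for its own demo is constructed data.

```python
"""Scan a site-packages tree and an npm project for the indicators reported for
the malicious Lightning releases. Added example, not code from the Lightning
project or from the published analysis."""
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Versions named in the advisory as malicious, and the last known clean release.
AFFECTED_LIGHTNING_VERSIONS = {"2.6.2", "2.6.3"}
LAST_KNOWN_CLEAN = "2.6.1"
# File names from the public analysis; their location inside the package is an assumption.
SUSPICIOUS_RUNTIME_FILES = {"start.py", "router_runtime.js"}


def installed_lightning_version(site_packages: Path) -> Optional[str]:
    """Read the Version field from lightning-*.dist-info/METADATA, if installed."""
    for dist_info in site_packages.glob("lightning-*.dist-info"):
        metadata = dist_info / "METADATA"
        if not metadata.is_file():
            continue
        for line in metadata.read_text(encoding="utf-8", errors="replace").splitlines():
            if line.startswith("Version:"):
                return line.split(":", 1)[1].strip()
    return None


def find_hidden_runtime(site_packages: Path) -> List[Path]:
    """Return every _runtime directory that contains one of the reported loader/payload files."""
    hits = []
    for runtime_dir in site_packages.rglob("_runtime"):
        if runtime_dir.is_dir():
            names = {entry.name for entry in runtime_dir.iterdir()}
            if names & SUSPICIOUS_RUNTIME_FILES:
                hits.append(runtime_dir)
    return sorted(hits)


def find_npm_postinstall_hooks(project_root: Path) -> List[Tuple[Path, str]]:
    """Return (package.json path, postinstall command) for every package carrying a postinstall hook.

    A postinstall hook is not malicious by itself, but the report says the malware
    injected one into local packages, so any hook is worth a manual look."""
    hits = []
    for pkg_json in project_root.rglob("package.json"):
        try:
            data = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip rather than crash the scan
        scripts = data.get("scripts") if isinstance(data, dict) else None
        hook = scripts.get("postinstall") if isinstance(scripts, dict) else None
        if isinstance(hook, str):
            hits.append((pkg_json, hook))
    return sorted(hits)


def assess(site_packages: Path, project_root: Path) -> Dict[str, object]:
    """Combine the three checks into one report dictionary."""
    version = installed_lightning_version(site_packages)
    return {
        "lightning_version": version,
        "affected_version": version in AFFECTED_LIGHTNING_VERSIONS,
        "hidden_runtime": [str(p) for p in find_hidden_runtime(site_packages)],
        "postinstall_hooks": [(str(p), hook) for p, hook in find_npm_postinstall_hooks(project_root)],
    }


def build_sample_tree(root: Path) -> Tuple[Path, Path]:
    """Construct a fake site-packages and npm project mirroring the reported layout (constructed data)."""
    sp = root / "site-packages"
    (sp / "lightning-2.6.2.dist-info").mkdir(parents=True)
    (sp / "lightning-2.6.2.dist-info" / "METADATA").write_text("Name: lightning\nVersion: 2.6.2\n")
    runtime = sp / "lightning" / "_runtime"
    runtime.mkdir(parents=True)
    (runtime / "start.py").write_text("# placeholder standing in for the downloader\n")
    (runtime / "router_runtime.js").write_text("// placeholder standing in for the payload\n")
    project = root / "project"
    for name, manifest in (
        ("tampered-pkg", {"name": "tampered-pkg", "version": "1.0.1",
                          "scripts": {"postinstall": "node ./setup.js"}}),
        ("clean-pkg", {"name": "clean-pkg", "version": "2.0.0"}),
    ):
        (project / "node_modules" / name).mkdir(parents=True)
        (project / "node_modules" / name / "package.json").write_text(json.dumps(manifest))
    return sp, project


def demo_result() -> Dict[str, object]:
    """Run the scan against the constructed sample tree and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        sp, project = build_sample_tree(Path(tmp))
        return assess(sp, project)


if __name__ == "__main__":
    # On a real machine, point assess() at your interpreter's site-packages and
    # at the project directory whose node_modules you want to review.
    print(json.dumps(demo_result(), indent=2))
```

On a real host, replace the constructed tree with the interpreter's site-packages directory (for example the output of `python -c "import site; print(site.getsitepackages())"`) and the root of the JavaScript project under review; a hit on the affected version or on the hidden runtime is the cue to treat the credentials on that machine as exposed and rotate them, as the advisory recommends.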
Lightning maintainers said they were aware of the issue and were investigating. A separate advisory said the root cause was still under review, but the affected releases introduced functionality consistent with credential harvesting. The latest known clean version is 2.6.1.
WHY IT MATTERS
The incident shows how a single compromised dependency can expose developer systems and then move across package ecosystems. Blocking the bad versions and rotating exposed credentials can limit further risk, especially in environments that imported Lightning during the window of compromise.