@redhat-cloud-services/frontend-components

@redhat-cloud-services/frontend-components is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (7.7.2) was later unpublished, wave 2 (7.7.3) is the live latest.