What started as 169 compromised packages in the May 11 wave has crept past 170 — not a rounding error, but a signal that the worm-style propagation is working. The malware executes at install time, extracts credentials, and immediately uses registry write access to publish poisoned versions of every other package that victim account can touch. That self-amplifying loop is why TanStack packages got hit in the original wave and why the count keeps climbing. This is the fourth documented generation of the TeamPCP campaign, active since late April 2026, and the escalation trajectory hasn't flattened. Combined weekly downloads across affected packages now exceed 518 million. Audit your npm and PyPI token exposure, check whether any account on your CI has registry publish access broader than it needs, and treat any package from a compromised maintainer as untrusted until the registry confirms a clean re-publish.