Is Shai Hulud a risk for Vaadin Developers?

General
2

The same applies as previously: Is Vaadin build affected by attacks on npm packages?