On 2026-05-11, an attacker chained a pull_request_target Pwn Request, GitHub Actions cache poisoning across the fork↔base trust boundary, and OIDC token extraction from runner memory to publish 84 malicious versions across 42 @tanstack/* packages on npm. Full postmortem.
In 18 months, npm, PyPI, RubyGems, Maven and Crates have all shipped malware. AI is accelerating both sides of the playbook. A tour of what's happening, with the defensive baseline at the end.
A sprawling supply-chain attack dubbed "Mini Shai-Hulud" has compromised hundreds of open-source packages, including TanStack and MistralAI. By hijacking automated CI/CD pipelines and spoofing digital signatures, the TeamPCP-linked malware successfully bypassed 2FA to steal cloud credentials and extort developers across major registries.
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages and published 84 malicious package versions in just six minutes, exposing developers and CI/CD systems to credential theft and malware propagation.
Anthropic refused China model access; Isomorphic raised $2.1B; Google pushed Gemini deeper into Android; plus much more.
Angular. tj-actions. Cline. TanStack. The same class of attack has been quietly hijacking publish pipelines for two years. Here's what it is, how it works, and what you need to do today.
OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories.
A post by Zach Leatherman (zachleat)
Notes – 05:55 Tue 12 May 2026
My Ministers will also introduce legislation to improve the country’s defences against cyber-security threats [Cyber Security and Resilience Bill].
OpenAI was hit by a supply chain attack involving hackers publishing a malicious version of Tanstack software used for web development.
Shell script to detect TanStack npm supply chain attack indicators (CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx) - fabriziosalmi/tanstack-compromise-checker
OpenAI said the damage was limited to the employees’ devices, and did not affect user data nor its production systems, and none of its intellectual property was stolen.
OpenAI says no user data was accessed in the TanStack npm compromise: two corporate laptops, some credentials, and a forced macOS update.
Yesterday, the PHP community barely avoided an absolute disaster - a supply-chain vulnerability on the scale of a nuclear meltdown. In my opinion, this had the potential to be one of the most sever...
The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. StepSecurity's OSS Package Security Feed first detected the attack in official @tanstack packages and is tracking its spread across the ecosystem in real time.
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers.
On May 11, 2026, the Mini Shai-Hulud worm compromised 84 npm package artifacts across 42 @tanstack/* packages (as well as @squawk/*, @mistralai/* packages, and others) by chaining a GitHub Actions "Pwn Request," cache poisoning, and OIDC token extraction from runner memory — producing the first npm supply chain attack with valid SLSA Build Level 3 attestations. Here's what happened, what was stolen, and what you need to do right now.
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.
A new wave of the Shai-Hulud npm worm is loose. It hides inside developer packages, steals GitHub tokens, and uses a chilling sigil, IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner, to threaten anyone who tries to cut it off. Here is what it does and what to do about it.
The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. StepSecurity's OSS Package Security Feed first detected the attack in official @tanstack packages and is tracking its spread across the ecosystem in real time.
Top news and commentary for technology's leaders, from all around the web.
We are actively investigating this security incident and sharing our findings here: www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem
Socket detected 84 compromised TanStack npm package artifacts modified with suspected CI credential-stealing malware.