TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
1mo agoen
Source
SnykTanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attacksnyk.ioOn May 11, 2026, the Mini Shai-Hulud worm compromised 84 npm package artifacts across 42 @tanstack/* packages (as well as @squawk/*, @mistralai/* packages, and others) by chaining a GitHub Actions "Pwn Request," cache poisoning, and OIDC token extraction from runner memory — producing the first npm supply chain attack with valid SLSA Build Level 3 attestations. Here's what happened, what was stolen, and what you need to do right now.
You might also wanna read
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published
Postmortem: TanStack npm supply-chain compromise via GitHub Actions exploitation
On May 11, 2026, an attacker exploited a chain of vulnerabilities — including the pull_request_target "Pwn Request" pattern, GitHub Actions
Shai-Hulud: Largest npm Supply-Chain Compromise Affecting CrowdStrike and Hundreds of Packages
The Shai-Hulud malware campaign represents the largest and most dangerous npm supply-chain compromise in history, affecting hundreds of pack
TeamPCP supply chain attack hits TanStack
ThreatLocker·12d ago
Post-Mortem Analysis: How Our Company Was Compromised by the Shai-Hulud 2.0 npm Supply Chain Worm
The article details a company's experience being compromised by the Shai-Hulud 2.0 npm supply chain worm on November 25th, 2025. It describe
trigger.dev·6mo ago
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
Microsoft identified an active supply chain attack (Mini Shai-Hulud campaign) targeting the npm package ecosystem. On May 28, 2026, a threat
microsoft.com·1mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.