§ feed · storyline

Npm packages for TanStack and Mistral hit in supply chain attack

Supply chain attack compromises npm packages for TanStack web development tools and Mistral, with malicious code found in router_init.js files across affected dependencies.

May 12 · 01:55:02 · primary fetch1 sourceupdated May 12 · 01:55:02

Socket: Several npm packages for the TanStack web development tools were compromised in the Mini Shai-Hulud supply chain attack; Mistral packages were also affected — - Immediate triage: Run shasum -a 256 on all router_init.js files in your dependency tree.

read full article on techmeme.com ↗

§ sources1 publication · timeline below

techmeme.comSeveral npm packages for the TanStack web development tools were compromised in the Mini Shai-Hulud supply chain attack; Mistral packages were also affected (Socket)primary01:55:02