Hackaday

What Does GitHub’s Npm Acquisition Mean For Developers?

Microsoft’s open-source shopping spree has claimed another victim: npm. [Nat Friedman], CEO of GitHub (owned by Microsoft), announced the move recently on the GitHub blog. So what motivated the ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Cache-poisoning caper turns TanStack npm packages toxic

An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft ...
Infosecurity Magazine

Mini Shai-Hulud Hits TanStack npm Packages

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain ...

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...