Mini Shai-Hulud attack hits TanStack and Mistral npm packages
- Source: Socket
- Time: 11:58 PM
- Weight: 95/100
A widespread supply-chain attack known as "Mini Shai-Hulud" has compromised dozens of popular npm packages, including those from TanStack and Mistral AI. The breach, detected by the security team at Socket, involves the injection of a sophisticated credential stealer designed to harvest secrets from GitHub Actions, AWS, HashiCorp Vault, and Kubernetes.
Some affected packages, such as TanStack’s React Router, have over 12 million weekly downloads, which significantly expands the potential impact on the software ecosystem. The attack uses heavily obfuscated JavaScript files, including `router_init.js` and `tanstack_runner.js`, which operate as self-propagating worms.