npm Worm Poisons 373 Versions Across 169 Packages via TanStack

The 'shai-hulud' npm supply-chain worm exploited TanStack's GitHub Actions pipeline to steal npm tokens and self-propagate to 169 packages including Mistral AI, UiPath, and OpenSearch—jumping to PyPI.

1 min read|agenticonsult Intelligence

npm Worm Poisons 373 Versions Across 169 Packages via TanStack

An attacker exploited TanStack's pull_request_target GitHub Actions misconfiguration to poison the CI shared cache without review, steal npm's trusted-publishing token, and self-propagate to 373 package versions across 169 repos—including Mistral AI, UiPath, OpenSearch, and Guardrails AI—then jumped to PyPI. The worm also compromised two OpenAI employee devices. A dead-man switch nukes ~/ the moment the stolen GitHub token expires.

Why It Matters

Any repo using pull_request_target with a shared cache is potentially vulnerable. PNPM ≥1 ships mitigations: minimum-release-age, block-exotic-subdeps, and approved-builds defaults. Audit your CI cache boundaries now.

Primary source

Fireship

This breaking-news item was assembled from the cited primary source with AI assistance. It is intended for rapid situational awareness — refer to the original publication for the definitive statement.

npm Worm Poisons 373 Versions Across 169 Packages via TanStack

npm Worm Poisons 373 Versions Across 169 Packages via TanStack

Why It Matters

Live Intel Feed