TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack

A sophisticated supply-chain attack dubbed "Mini Shai-Hulud" has compromised hundreds of npm and PyPI packages—including TanStack, UiPath, Mistral AI, and Guardrails AI—by implanting highly obfuscated, self-propagating malware that steals CI/CD and cloud credentials, persists on developer workstations, and exfiltrates secrets via a decentralized P2P network, posing a severe threat to the open source software ecosystem.