🤖 AI Summary
On May 11, 2026, a significant supply chain attack compromised over 170 npm packages and two PyPI packages, making it one of the largest registry poisoning events of the year. The attack affected several well-known ecosystems, including TanStack, Mistral AI, and UiPath, and targeted entire package scopes rather than individual packages. Specifically, attackers infiltrated the TanStack router ecosystem (42 packages), the Mistral AI SDK suite, and 65 UiPath packages, publishing malicious versions that steal credentials. It is also the first such attack to span both npm and PyPI in a single campaign, a worrying development.
The implications of this attack are far-reaching for the AI/ML community, particularly given the high-profile nature of the targets. The attackers deployed a modular payload designed to harvest credentials from cloud and CI/CD environments, including AWS IAM credentials and GitHub tokens, and to exfiltrate the stolen data via a decentralized messenger network. The malicious versions were delivered both through a preinstall hook and through a stealthier optional-dependency method, which points to careful planning. The speed with which malicious code spread across multiple platforms highlights weaknesses in popular package management systems and underscores the urgent need for stronger security measures across the open-source ecosystem.
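As an added illustration (not part of the original summary), a small Node.js audit that surfaces the two delivery patterns described above in a dependency tree: a package that declares an install-time lifecycle hook, and a hook reached only through an optionalDependencies edge, so that the direct dependency itself looks clean. The package names and manifests are constructed for this example.

```javascript
// Lifecycle scripts npm runs automatically during install.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Return the install-time hooks a parsed package.json declares.
function hooksOf(manifest) {
  const scripts = manifest.scripts || {};
  return LIFECYCLE_HOOKS.filter((h) => typeof scripts[h] === "string");
}

// Walk the dependency graph from `roots`. `manifests` maps a package name to
// its parsed package.json (one installed version per name, as a lockfile
// would resolve it). Each finding records the hooks, the path that pulled the
// package in, and whether that path crossed an optionalDependencies edge.
function auditTree(manifests, roots) {
  const findings = [];
  const seen = new Set();
  const stack = roots.map((name) => ({ name, path: [name], viaOptional: false }));
  while (stack.length) {
    const { name, path, viaOptional } = stack.pop();
    if (seen.has(name)) continue;
    seen.add(name);
    const m = manifests[name];
    if (!m) continue; // not installed (e.g. optional dep skipped on this platform)
    const hooks = hooksOf(m);
    if (hooks.length) findings.push({ name, hooks, path, viaOptional });
    for (const dep of Object.keys(m.dependencies || {})) {
      stack.push({ name: dep, path: [...path, dep], viaOptional });
    }
    for (const dep of Object.keys(m.optionalDependencies || {})) {
      stack.push({ name: dep, path: [...path, dep], viaOptional: true });
    }
  }
  return findings;
}

// Constructed sample tree (all names invented): "clean-router" has no hooks
// itself but pulls "router-telemetry-opt" in as an optional dependency, and
// that package carries the preinstall hook. "direct-hook" is the plain case.
const SAMPLE_MANIFESTS = {
  app: { dependencies: { "clean-router": "1.0.0", "plain-lib": "2.0.0", "direct-hook": "3.1.0" } },
  "clean-router": { optionalDependencies: { "router-telemetry-opt": "0.0.1" } },
  "plain-lib": { scripts: { test: "node test.js" } }, // not an install hook
  "router-telemetry-opt": { scripts: { preinstall: "node setup.js" } },
  "direct-hook": { scripts: { postinstall: "node install.js" } },
};

for (const f of auditTree(SAMPLE_MANIFESTS, ["app"])) {
  console.log(`${f.name}: ${f.hooks.join(",")} via ${f.path.join(" > ")}` +
    (f.viaOptional ? " (through an optional dependency)" : ""));
}
```

In CI, an audit like this pairs well with installing under `npm ci --ignore-scripts`, so that any hook it flags is reviewed before it is ever allowed to run.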