Mini Shai-Hulud Supply Chain Attack Compromises TanStack npm Packages, Spreads to Mistral AI and UiPath
Tags Security · OSS · Infrastructure
A worm-like supply chain attack compromised 84 npm package artifacts across 42 @tanstack packages (12.7M weekly downloads) by hijacking TanStack's legitimate GitHub Actions release pipeline via cache poisoning and OIDC token extraction. The worm auto-propagated to Mistral AI and UiPath packages. This is the first npm supply chain attack producing valid SLSA Build Level 3 provenance attestations on malicious packages, undermining provenance-based trust. Attributed by StepSecurity to TeamPCP.
Technical significance
This attack fundamentally challenges the assumption that SLSA provenance attestations indicate package integrity. Because the malicious packages were built through the legitimate CI/CD pipeline, their provenance is technically valid — the compromise is at the pipeline configuration level. Organizations relying on provenance-based trust policies need to also audit workflow configurations.