snyk.io · 4 weeks ago
TanStack npm Packages Hit by Mini Shai-Hulud
Covers 5 stories, including Postmortem: TanStack NPM supply-chain compromise
Covered by 6 sources, including This Week In 4n6, evahill1.substack.com
Covers 5 related stories
TanStack Blog · 5 weeks ago
Postmortem: TanStack NPM supply-chain compromise
Discussed on Hacker News, Hacker News, Lobsters, r/netsec, r/programming, and DEV
stepsecurity.io · 5 weeks ago
Mini Shai-Hulud - TanStack and more npm packages compromised, with SLSA Build Level 3 provenance attestations
Discussed on Lobsters
Socket · 5 weeks ago
Tanstack NPM Packages Compromised in Ongoing Supply-Chain Attack
Discussed on Hacker News and r/reactjs
Unit 42 · 8 weeks ago
The npm Threat Landscape: Attack Surface and Mitigations
cisa.gov · 38 weeks ago
Widespread Supply Chain Compromise Impacting NPM Ecosystem
Discussed on Hacker News
Covered in 7 articles
This Week In 4n6 · 5 weeks ago
Week 20
evahill1.substack.com · 1 week ago
The vulnerability bottleneck has moved
Discussed on Substack
venturebeat.com · 4 weeks ago
GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK
venturebeat.com · 4 weeks ago
Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering
grafana.com · 4 weeks ago
Grafana Labs security update: Latest on TanStack npm supply chain ransomware incident
Discussed on Hacker News and Lobsters
Decrypt · 3 weeks ago
Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection
Tenable Blog · 4 weeks ago
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign