Deep Dives

Long-form analysis on significant security events, campaigns, and trends.

Wed, 20 May 2026 11:29:50 UTC 10 min read

How the TanStack Supply Chain Attack Unfolded — And What It Means for npm Security

A technical deep-dive into the Shai-Hulud worm that compromised TanStack, Mistral AI, OpenAI employee devices, and 1,000+ npm packages across six months.

supply-chainnpmshai-huludtanstack