Supply Chain Attack Affecting Numerous npm and PyPI Packages
Summary
A supply chain attack, dubbed "Mini Shai-Hulud", is affecting well-known projects including TanStack, Mistral AI, UiPath, and OpenSearch.
Affected platforms
The following platforms are known to be affected. Affected packages include:
- npm packages
  - @tanstack/react-router
  - @mistralai/mistralai
  - @opensearch-project/opensearch
  - @uipath/robot
  - @tanstack/vue-router
- PyPI packages
  - mistralai==2.4.6
  - guardrails-ai==0.10.1
Researchers at Socket have been maintaining an updated list of affected packages: https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack#All-Compromised-Packages
Threat details
Introduction
Attackers published hundreds of malicious versions of legitimate software packages, affecting well-known projects including TanStack, Mistral AI, UiPath, and OpenSearch. Rather than targeting a single product, the attackers compromised entire groups of related packages at once, significantly increasing the scale and potential impact; notably, both the npm and PyPI ecosystems were hit in the same campaign. The malicious packages were uploaded in two phases, on 29 April 2026 and 11 May 2026.
Exploitation details
The malicious packages contain heavily obfuscated payloads designed to execute during installation or import. Once executed, the malware attempts to harvest sensitive information from the affected environment, including GitHub and npm tokens, CI/CD secrets, cloud credentials, API keys, and other development secrets.
If a compromised environment has permission to publish other packages or access additional repositories, the malware can inject itself into further projects, allowing the attack to spread laterally across the open-source ecosystem.
Remediation advice
The NHS England National CSOC recommends impacted developers follow the remediation steps detailed below.
If evidence of compromise is detected, organisations must immediately report this to the NHS England National Cyber Security Operations Centre (CSOC) by calling 0300 303 5222 or emailing [email protected].
Remediation steps
| Type | Step |
|---|---|
| Guidance | Check for compromised packages |
| Action | |
| Action | |
| Action | |
| Action | |
| Guidance | If evidence of compromise is detected, organisations must immediately report this to the NHS England National Cyber Security Operations Centre (CSOC) by calling 0300 303 5222 or emailing [email protected]. |
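As an added illustration of the "check for compromised packages" step (example code, not part of this advisory or of any project named in it), the following Python checks a parsed package-lock.json and `pip freeze` output against the package names and versions listed above. The sample inputs and the npm version string are constructed; because the npm entries above carry no versions, a name hit there means the installed version should be reviewed against Socket's full list.

```python
# Packages named in this advisory. The npm entries are listed without versions
# here, so a name hit means "check this copy against Socket's full list";
# the PyPI entries are the exact malicious version pins.
NPM_AFFECTED = {
    "@tanstack/react-router", "@mistralai/mistralai",
    "@opensearch-project/opensearch", "@uipath/robot", "@tanstack/vue-router",
}
PYPI_AFFECTED = {"mistralai": {"2.4.6"}, "guardrails-ai": {"0.10.1"}}


def npm_hits(lockfile: dict) -> list:
    """(name, version) for each installed copy of an affected npm package in a
    parsed package-lock.json (lockfileVersion 2/3 'packages' map)."""
    hits = set()
    for path, meta in lockfile.get("packages", {}).items():
        # keys look like "node_modules/@scope/name", possibly nested deeper
        name = path.split("node_modules/")[-1]
        if name in NPM_AFFECTED:
            hits.add((name, meta.get("version", "?")))
    return sorted(hits)


def pypi_hits(freeze_output: str) -> list:
    """(name, version) for `pip freeze` lines pinning a version named above.
    Names are normalised (lower-case, '_' and '.' -> '-', a simplified PEP 503)."""
    hits = []
    for line in freeze_output.splitlines():
        if "==" not in line:
            continue
        name, version = line.strip().split("==", 1)
        name = name.lower().replace("_", "-").replace(".", "-")
        if version in PYPI_AFFECTED.get(name, ()):
            hits.append((name, version))
    return hits


# Constructed sample inputs (not real project files); the npm version is made up.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "node_modules/@tanstack/react-router": {"version": "0.0.0-example"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}
SAMPLE_FREEZE = "Mistralai==2.4.6\nguardrails_ai==0.10.0\nrequests==2.32.3\n"

if __name__ == "__main__":
    print(npm_hits(SAMPLE_LOCK))     # [('@tanstack/react-router', '0.0.0-example')]
    print(pypi_hits(SAMPLE_FREEZE))  # [('mistralai', '2.4.6')]
```

In a real check, load the lockfile with `json.load` and feed the output of `pip freeze` to `pypi_hits`; any hit should be treated as a potential credential exposure, not just a package to reinstall.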
Definitive source of threat updates
- https://safedep.io/mass-npm-supply-chain-attack-tanstack-mistral/
- https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack#All-Compromised-Packages
- https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem
- https://tanstack.com/blog/npm-supply-chain-compromise-postmortem
- https://github.com/mistralai/client-ts/issues/217
- https://github.com/opensearch-project/opensearch-js/issues/1116
- https://github.com/guardrails-ai/guardrails/issues/1473
Last edited: 12 May 2026 3:58 pm