Aldo Pagani Jr.@aldopaganijr•Today

Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages

From safedep.io•Today•22m read time

A coordinated supply chain attack on May 11, 2026 (tracked as 'mini-shai-hulud') compromised over 170 npm packages and 2 PyPI packages across 404 malicious versions. High-profile targets include the entire TanStack router ecosystem (42 packages), all Mistral AI SDK packages on both npm and PyPI, 65 UiPath packages, OpenSearch (1.3M weekly downloads), and guardrails-ai. The payload is a 2.2MB obfuscated JavaScript credential-stealing framework that harvests AWS IAM keys, HashiCorp Vault tokens, GitHub tokens, and npm publish tokens, then exfiltrates them via the Session onion-routed messenger network. A self-spreading mechanism commits poisoned IDE config files (.claude/settings.json, .vscode/tasks.json) into victim repositories via GitHub's GraphQL API, targeting Claude Code and VS Code users. PyPI packages use import-time __init__.py injection to download a secondary Python payload from an attacker-controlled domain. Affected developers should check lockfiles for compromised versions, rotate any credentials present in exposed environments, and scan for /tmp/transformers.pyz on disk.
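As an added example (not code from the safedep.io write-up or from this post), a small triage script a defender could run against the indicators named above: it reads lockfile versions, compares them with an indicator map, and checks for the reported IDE config files and the /tmp/transformers.pyz artifact. The package names and versions in the map are constructed placeholders; the real compromised list must come from the incident advisory.

```python
"""Triage helper for the indicators in the summary above. All package names and
versions here are constructed placeholders, not the real compromised list."""
import json
import os

# PLACEHOLDER indicator map (constructed): package name -> bad versions.
COMPROMISED = {"example-router": {"9.9.9"}, "example-sdk": {"1.2.3"}}
# Files the self-spreading stage is reported to commit into victim repos.
POISONED_IDE_CONFIGS = (".claude/settings.json", ".vscode/tasks.json")
PAYLOAD_ARTIFACT = "/tmp/transformers.pyz"


def lockfile_versions(lock_text):
    """Return {package: {versions}} from package-lock.json (v1, v2 or v3)."""
    lock = json.loads(lock_text)
    found = {}
    # v2/v3: flat "packages" map keyed by path such as node_modules/@scope/pkg
    for path, meta in lock.get("packages", {}).items():
        if path and "version" in meta:
            name = path.rsplit("node_modules/", 1)[-1]
            found.setdefault(name, set()).add(meta["version"])

    def walk(deps):  # v1: nested "dependencies" tree
        for name, meta in deps.items():
            if "version" in meta:
                found.setdefault(name, set()).add(meta["version"])
            walk(meta.get("dependencies", {}))
    walk(lock.get("dependencies", {}))
    return found


def find_compromised(versions, compromised=COMPROMISED):
    """Sorted (package, version) pairs that match the indicator map."""
    return sorted((n, v) for n, vs in versions.items()
                  for v in vs if v in compromised.get(n, ()))


def ide_config_hits(repo_root):
    """Poisoned IDE config paths present under repo_root; review each for
    hooks or tasks the team did not add, and check git history for who added it."""
    return [p for p in POISONED_IDE_CONFIGS
            if os.path.isfile(os.path.join(repo_root, p))]


def payload_on_disk(path=PAYLOAD_ARTIFACT):
    """True if the secondary Python payload artifact is present on disk."""
    return os.path.exists(path)


# Constructed sample lockfile with one flagged version.
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app"}, "node_modules/example-router": {"version": "9.9.9"},
    "node_modules/example-sdk": {"version": "1.0.0"}}})
```

Run `find_compromised(lockfile_versions(open("package-lock.json").read()))` in each affected repository, then `ide_config_hits(".")` and `payload_on_disk()` on every developer machine and CI runner that installed the packages.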
