TanStack, Mistral AI, UiPath targeted in major supply chain attack compromising 170+ packages

A coordinated software supply chain attack compromised over 170 packages across the npm and PyPI registries on May 11, hitting some of the most widely used developer tools in the ecosystem. TanStack, Mistral AI, UiPath, and Guardrails AI were among the primary victims.

The attack, dubbed “Mini Shai-Hulud,” was carried out by a group calling itself TeamPCP. Between 373 and 404 malicious package versions were published in a roughly five-hour window, each designed to look indistinguishable from legitimate releases.

How the attack worked

The attackers exploited vulnerabilities in GitHub Actions workflows, specifically targeting a misconfigured pull_request_target workflow combined with cache poisoning techniques. They also abused OpenID Connect (OIDC) tokens, which are used to authenticate automated publishing pipelines between GitHub and package registries like npm.

The payload itself was a multi-stage credential-stealing worm. It was designed to harvest credentials from cloud environments and developer tooling, target password managers, and then propagate through dependency chains to infect additional projects.

Why crypto and Web3 should care

The compromised packages and tooling aren’t obscure libraries. TanStack is a widely used collection of tools for building web applications. Mistral AI provides developer tooling for AI integration. UiPath is a major automation platform. Guardrails AI builds safety tooling for AI applications.

The malware specifically targeted tools commonly used in both Web2 and Web3 environments, posing a direct threat to digital asset infrastructure where a compromised developer credential can mean access to smart contract deployment pipelines, wallet infrastructure, or exchange backend systems.

The response and what to watch

Security firms are urging immediate action from any team that may have pulled updates from affected packages during the attack window. The recommended steps include cleaning development environments, rotating all secrets and credentials, and auditing dependency trees for any of the compromised package versions.

For crypto teams, projects building on Web3 infrastructure should be treating their dependency chains with the same scrutiny they apply to smart contract audits. That means pinning exact package versions rather than accepting automatic updates, verifying package integrity through multiple channels, and implementing build-time scanning that can detect unexpected changes in dependency behavior.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.