#npm
// 4 transmissions tagged with #npm
Red Hat npm packages compromised, users urged to secure dependencies
A GitHub issue reports that several Red Hat npm packages have been compromised, exposing users to potential security risks. Red Hat is investigating and recommends immediate removal or audit of the affected packages.
Mini Shai-Hulud malware hits 314 npm packages
The Mini Shai-Hulud malware has compromised 314 npm packages by injecting obfuscated malicious code, according to SafeDep.
Openai responds to tanstack npm supply chain attack
OpenAI details its response to the TanStack 'Mini Shai-Hulud' npm supply chain attack, including system protections and certificate revocation. macOS users must update OpenAI apps by June 12, 2026 [openai].
TanStack npm supply-chain compromise revealed
TanStack's postmortem analysis details the npm supply-chain compromise, caused by a vulnerable dependency in one of its packages [TanStack Blog]. The incident led to malicious code injection, affecting users.