
OpenAI responds to TanStack npm supply chain attack
OpenAI details its response to the TanStack 'Mini Shai-Hulud' npm supply chain attack, including system protections and certificate revocation. macOS users must update OpenAI apps by June 12, 2026 [openai].
OpenAI confirmed it was impacted by the TanStack 'Mini Shai-Hulud' npm supply chain attack, in which a widely used open-source package was compromised to distribute malicious code [openai]. Because the attack gave threat actors a foothold in build-time processes, OpenAI revoked and reissued the signing certificates for its macOS applications.
The company detected the intrusion through internal monitoring and immediately rotated credentials, invalidated compromised artifacts, and pushed updates to prevent unauthorized execution. OpenAI states that no customer data or production systems were accessed during the incident. However, because the malicious package ran in internal development environments and the certificates that signed earlier macOS builds have been revoked, OpenAI is requiring all macOS users to update their OpenAI apps by June 12, 2026, so that only builds signed with the new certificates remain in use.
The attack entered through a dependency in the TanStack ecosystem, a set of open-source libraries developers use to build web applications. TanStack has since removed the malicious package, but the incident shows how a transitive dependency several levels below a project's own package list can become a systemic risk even for major tech firms. OpenAI notes that the attacker's access was limited to build-time processes and did not extend to model weights or user authentication systems.
This event adds to a growing list of npm-based supply chain intrusions, including the 2021 compromises of the popular ua-parser-js and coa packages. OpenAI is now enforcing stricter dependency vetting and artifact signing, requiring all internal projects to use pinned versions and verified sources.
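The "pinned versions and verified sources" requirement is something a CI job can check mechanically against the lockfile before `npm ci` runs. The script below is an added example, not code from OpenAI or TanStack: it audits a package-lock.json (lockfileVersion 2 or 3, which carry a `packages` map) against a hypothetical policy that every dependency must resolve from one trusted registry, must carry an sha512 integrity hash, and may only run an install script if it is on a reviewed allow-list. The registry URL, the allow-list, and the sample lockfile are all constructed for this example.

```javascript
// Added example, not OpenAI's or TanStack's code. Audits an npm lockfile
// (package-lock.json, lockfileVersion 2 or 3, which carry a "packages" map)
// against a hypothetical policy:
//   1. every dependency resolves from the allowed registry (no git/http tarballs),
//   2. every dependency carries an sha512 integrity hash, so `npm ci` refuses a
//      tarball that differs from the one that was reviewed,
//   3. any package that runs an install script must be explicitly allow-listed,
//      since install scripts are the usual way npm malware executes on a dev box.

const ALLOWED_REGISTRY = "https://registry.npmjs.org/"; // assumption: single trusted registry
const SCRIPT_ALLOWLIST = new Set(["node_modules/build-tool"]); // assumption: reviewed exceptions

function auditLockfile(lock, opts = {}) {
  const registry = opts.registry ?? ALLOWED_REGISTRY;
  const allowScripts = opts.allowScripts ?? SCRIPT_ALLOWLIST;
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages ?? {})) {
    if (path === "") continue; // the root project entry, not a dependency
    if (entry.link) continue;  // workspace symlink: no tarball to verify
    // "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const resolved = entry.resolved ?? "";
    if (!resolved.startsWith(registry)) {
      findings.push({ path, name, rule: "untrusted-source", detail: resolved || "(no resolved url)" });
    }
    if (!/^sha512-[A-Za-z0-9+/]+={0,2}$/.test(entry.integrity ?? "")) {
      findings.push({ path, name, rule: "missing-sha512-integrity", detail: entry.integrity ?? "(none)" });
    }
    if (entry.hasInstallScript && !allowScripts.has(path)) {
      findings.push({ path, name, rule: "install-script-not-allowlisted", detail: `${name}@${entry.version}` });
    }
  }
  return findings;
}

function formatReport(findings) {
  if (findings.length === 0) return "OK: lockfile passes policy";
  return findings.map((f) => `FAIL ${f.rule}: ${f.path} (${f.detail})`).join("\n");
}

// Constructed sample lockfile (not a real project): one clean dependency, one
// allow-listed build tool that legitimately runs an install script, and one
// package that violates all three rules.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/some-lib": {
      version: "2.1.0",
      resolved: "https://registry.npmjs.org/some-lib/-/some-lib-2.1.0.tgz",
      integrity: "sha512-" + "A".repeat(86) + "==",
    },
    "node_modules/build-tool": {
      version: "0.9.3",
      resolved: "https://registry.npmjs.org/build-tool/-/build-tool-0.9.3.tgz",
      integrity: "sha512-" + "C".repeat(86) + "==",
      hasInstallScript: true,
    },
    "node_modules/suspicious-pkg": {
      version: "0.0.1",
      resolved: "https://evil.example/suspicious-pkg-0.0.1.tgz", // not the registry
      integrity: "sha1-" + "B".repeat(27) + "=",                  // weak hash
      hasInstallScript: true,                                      // not allow-listed
    },
  },
};

// CLI: `node audit-lock.js package-lock.json`; with no argument, audits the sample.
if (typeof require !== "undefined" && require.main === module) {
  const file = process.argv[2];
  const lock = file ? JSON.parse(require("node:fs").readFileSync(file, "utf8")) : SAMPLE_LOCK;
  const findings = auditLockfile(lock);
  console.log(formatReport(findings));
  if (file && findings.length > 0) process.exitCode = 1; // fail the CI step
}
```

Run it as a gate in front of `npm ci`; a non-empty report should fail the pipeline rather than be printed and ignored. The lockfile audit complements, rather than replaces, the `.npmrc` settings `save-exact=true` (so new dependencies are written as exact versions) and `ignore-scripts=true` (so install scripts do not run unless a build step explicitly opts in).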
The June 12, 2026 deadline ensures that older, potentially compromised binaries are no longer in circulation. Users who fail to update will lose access to new features and security patches.


