TanStack weighs invitation-only pull requests after supply chain attack

Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions

The TanStack team has documented security measures and proposals following a damaging breach last week, including the possibility of making pull requests

(PRs) by invitation only - a break from the open-contribution model that defines most open source projects. The attack used code from the Shai-Hulud

worm, published

by malware outfit TeamPCP, which can extract secrets from memory

TanStack weighs invitation-only pull requests after supply chain attack

Other newsrooms on this story

Related reading

OpenAI confirms security breach in TanStack supply chain attack

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS…

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6…

OpenAI caught in TanStack npm supply chain chaos after employee devices…

Cache-poisoning caper turns TanStack npm packages toxic

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More…