Our response to the TanStack npm supply chain attack

Source: OpenAI Date: 2026-05-13 URL: https://openai.com/index/our-response-to-the-tanstack-npm-supply-chain-attack

Summary

On May 11, 2026, TanStack — a widely used open-source JavaScript library — was compromised as part of a broader npm supply chain attack called “Mini Shai-Hulud” that affected over 160 npm and PyPI packages. Two OpenAI employee devices were impacted; the malware exfiltrated limited credential material from a subset of internal source code repositories those employees could access. OpenAI rotated signing keys for Windows, macOS, iOS, and Android apps, re-signed all applications with new certificates, and required macOS users to update by June 12, 2026. Post-incident hardening included minimumReleaseAge package manager controls and enhanced CI/CD credential protection.

Implications

• Feeds the software supply chain security thread: This is a high-profile confirmation that widely-trusted open-source libraries remain a viable attack vector into AI lab infrastructure — and that even security-conscious organizations are exposed through transitive dependencies.
• AI infrastructure as a high-value supply chain target: The fact that attackers hit TanStack specifically to reach AI company credentials (vs. generic credential harvesting) suggests threat actors are now deliberately targeting the dependency graphs of AI development toolchains.
• minimumReleaseAge as a practical countermeasure: OpenAI’s post-incident deployment of release-age controls in their package manager is a concrete, actionable hardening pattern — worth adopting in any project with sensitive CI/CD credential exposure.