Many npm packages for Mistral, UiPath, TanStack's web dev tools like react-router, and more were compromised, likely in the Mini Shai-Hulud supply chain attack (Socket)
Techmeme [Unofficial]
May 11, 2026
Socket: Many npm packages for Mistral, UiPath, TanStack's web dev tools like react-router, and more were compromised, likely in the Mini Shai-Hulud supply chain attack — - Immediate triage: Run shasum -a 256 on all router_init.js files in your dependency tree.
Discussion in the ATmosphere