GemStuffer and Shai-Hulud: Two Supply Chain Attacks That Should Have Every Developer's Attention

GemStuffer hit RubyGems with 155 malicious packages. Mini Shai-Hulud worm compromised 170+ npm and PyPI packages including Mistral AI and TanStack. Here's what happened and why it matters.