{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigkivc4oxl53zeoaf6mpziiwrj72wieuy6uswxwmejs2xmbtrouqm",
    "uri": "at://did:plc:z3a345rn6njmxg2o5lxmj3en/app.bsky.feed.post/3mlnpubiejw22"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreihfodvejbuavnwafkrfgdjrembfr3zerntmbj24srcjfvq2swveza"
    },
    "mimeType": "image/jpeg",
    "size": 380461
  },
  "path": "/news/security/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-npm-packages/",
  "publishedAt": "2026-05-12T11:29:36.000Z",
  "site": "https://www.bleepingcomputer.com",
  "tags": [
    "Security"
  ],
  "textContent": "Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. [...]",
  "title": "Shai Hulud attack ships signed malicious TanStack, Mistral npm packages"
}