Mass Supply Chain Attack Compromised Hundreds of npm and PyPI Packages
Source: safedep.io
Published:
<p>A coordinated supply chain attack on May 11, 2026 compromised over 170 npm packages and 2 PyPI packages, totaling 404 malicious versions. The attacker hit the entire TanStack router ecosystem (42 packages), Mistral AI’s SDK suite (on both npm and PyPI), UiPath’s automation tooling (65 packages),