<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>They Hit TanStack. 518 Million Downloads. And the Security Cert Was Real.</title>
        <link>https://utube.ro/videos/watch/d127941f-0645-4aa4-a1b8-8e66d27f97df</link>
        <description>TeamPCP is back. On May 11th they hijacked TanStack's own legitimate release pipeline and used it to publish 84 malicious package versions in a six-minute window. By end of day the campaign had spread to over 170 packages across npm and PyPI with 518 million cumulative downloads affected.

What makes this attack different from anything before: the malicious packages carry valid SLSA Build Level 3 provenance attestations. The security certificate was real. Valid provenance no longer guarantees a package is clean.

There's also a dead man's switch. If you ran affected packages on May 11th, do not immediately revoke your tokens -- watch the video first.

⚠️ If you ran @tanstack packages on May 11th, treat the environment as compromised. ⚠️

WHAT TO DO

Block these domains at your DNS level now:
git-tanstack.com
*.getsession.org
api.masscan.cloud

If affected, rotate credentials in this order from a clean machine:
npm tokens
GitHub Personal Access Tokens
AWS credentials
Vault tokens
Kubernetes service account tokens

⚠️ Do NOT revoke tokens on a machine that may still be running the malware. Isolate the machine first, then rotate from a separate clean machine.

Confirmed clean @tanstack families: @tanstack/query, @tanstack/table, @tanstack/form, @tanstack/virtual, @tanstack/store

⏱ CHAPTERS
00:00 - TeamPCP Hits TanStack
00:39 - What Is TanStack?
01:04 - The Scale of the Attack
01:07 - How They Did It
02:00 - The pnpm Store Explained
02:30 - How OIDC Tokens Were Stolen
03:13 - The Provenance Problem
04:13 - The Dead Man's Switch
04:43 - Do Not Revoke Tokens Yet
05:01 - What To Check Right Now
06:21 - The Bigger Picture
07:14 - The Claude Impersonation
07:37 - Closing Thoughts

🔗 LINKS &amp; SOURCES
TanStack website: https://tanstack.com
Socket: TanStack npm packages compromised, Mini Shai-Hulud: https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
TanStack: postmortem: https://tanstack.com/blog/tanstack-start-npm-supply-chain-attack
StepSecurity: Mini Shai-Hulud is back: https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem
Snyk: TanStack npm packages hit by Mini Shai-Hulud: https://snyk.io/blog/tanstack-npm-packages-compromised/
CyberSec Guru: Mini Shai-Hulud affected packages list: https://thecybersecguru.com/news/mini-shai-hulud-npm-worm-affected-packages-list/
Socket: Mini Shai-Hulud campaign tracker: https://socket.dev/supply-chain-attacks/mini-shai-hulud
Wiz: Mini Shai-Hulud strikes again: https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
DB Tech: supply chain series playlist: https://www.youtube.com/playlist?list=PLhMI0SExGwfDvNsgAqCiGx-HJ9AASbeCB
Aikido: Mini Shai-Hulud is back: https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised
Mend: 172 npm and PyPI packages compromised: https://www.mend.io/blog/mini-shai-hulud-is-back-172-npm-and-pypi-packages-compromised-in-latest-wave/
Appwrite: TanStack npm attack breakdown: https://appwrite.io/blog/post/tanstack-start-npm-supply-chain-attack
The Hacker News: Mini Shai-Hulud worm compromises TanStack: https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html

/=========================================/
✅ Amazon Wishlist: https://dbte.ch/amznwishlist
Get early, ad-free access to new content by becoming a channel member, or a Patron!
✅ https://www.patreon.com/dbtech
✅ https://www.youtube.com/channel/UCVy16RS5eEDh8anP8j94G2A/join
All My Social Links:
✅ https://dbt3.ch/@dbtech
Join Discord!
✅ https://discord.gg/M9J6hFq
/=========================================/
✨ Ways to support DB Tech:
✅ https://www.patreon.com/dbtech
✅ https://www.paypal.me/DBTechReviews
✅ https://ko-fi.com/dbtech
✅ Cashapp: https://cash.app/$dbtechyt
✅ Venmo: https://venmo.com/dbtechyt
✨ Come chat in Discord:
✅ https://dbte.ch/discord</description>
        <lastBuildDate>Thu, 14 May 2026 22:45:10 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://utube.ro</generator>
        <image>
            <title>They Hit TanStack. 518 Million Downloads. And the Security Cert Was Real.</title>
            <url>https://utube.ro/lazy-static/avatars/888f68a5-dd7d-4b7f-b73d-9e288452fcb8.png</url>
            <link>https://utube.ro/videos/watch/d127941f-0645-4aa4-a1b8-8e66d27f97df</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://utube.ro/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://utube.ro/feeds/video-comments.xml?videoId=d127941f-0645-4aa4-a1b8-8e66d27f97df" rel="self" type="application/rss+xml"/>
    </channel>
</rss>