1. npm Supply Chain Attack Exposes 170+ Packages Including TanStack and Mistral AI—Maintainer Accounts Left Uncompromised
A sweeping npm supply chain attack has surfaced, targeting more than 170 packages with over 400 malicious versions published. The campaign stands out for a critical anomaly: investigators found no evidence that any maintainer accounts were compromised, raising sharp questions about how the malicious code entered the ec...