supply-chain
On May 11, 2026, a worm called Mini Shai-Hulud pushed 84 malicious package versions across the TanStack ecosystem in six minutes — without stealing a single credential. Here's what happened, how it spread, and what to do if your environment was affected.
May 14, 2026 · 7 min read
supply-chain
DAEMON Tools installers downloaded from the official website between April 8 and May 5 were backdoored — signed with the developer's own certificate, distributed through the legitimate domain, and undetected for nearly a month. Here's how the trust model that code signing is built on became the attack's primary weapon.
May 11, 2026 · 6 min read
supply-chain
On March 31, 2026, Anthropic accidentally published the complete source code of Claude Code to the public npm registry. It was the second time in 13 months. Within hours, criminals were using the leak as bait.
April 3, 2026 · 8 min read
MECHANICS
An expired maintainer email domain and a standard npm password reset handed attackers publish rights to a package with 822,000 weekly downloads — no npm breach required.
May 19, 2026 · 9 min read
MECHANICS
OIDC trusted publishing was designed to eliminate the long-lived credentials that supply chain attackers steal. Mini Shai-Hulud bypassed it anyway. Here's how the mechanism works, what it actually guarantees, and how three individually reasonable configuration decisions combined to let an attacker publish under TanStack's own verified identity.
May 15, 2026 · 14 min read