Massive campaign with 170+ packages and 400+ malicious versions published. What we saw is that not a single maintainer account was compromised. TanStack and Mistral AI are the names that stand out.
Probably not. I haven’t seen any other post-mortems, but the TanStack ones were only up for 20 minutes, so really low chance. I wouldn’t be surprised if they were all a similar approach and that’s why they all happened at the same time.