TanStack npm attack hit OpenAI

- OpenAI reported a supply-chain attack via the TanStack npm package that affected two employee devices, and said no user data was exposed.
- The incident impacted developer machines; OpenAI advised macOS users to update ChatGPT, Codex and Atlas by June 12 to remediate risk.
- The disclosure underscores how npm supply-chain compromises can reach developer endpoints and trigger urgent client app updates. (x.com)

1/ OpenAI disclosed on May 15, 2026, that a supply-chain attack targeting the TanStack npm package compromised two employee developer machines. No user data or production systems were affected, the company said in a security update.

2/ The attack exploited a malicious version of TanStack's `tanstack/virtual` package, version 3.1.5, published to npm on May 14. Attackers injected code that executed only on developer environments using specific TanStack tools like `@tanstack/react-virtual`.

3/ TanStack founder Tanner Linsley confirmed the compromise on X, noting the malicious package was live for under 24 hours before npm yanked it. "It targeted dev machines running our virtual scroller in certain configs," Linsley wrote. Over 200,000 weekly downloads made it a high-risk vector.

4/ OpenAI employees hit were using the package in local dev setups for internal tools. The malware attempted persistence via a fake browser extension prompt, but OpenAI's endpoint detection blocked broader spread. "Two devs, isolated incident," OpenAI security lead Mira Patel said.

5/ Why macOS users specifically? The payload hooked into desktop app debug bridges for ChatGPT, Codex, and the new Atlas coding agent. OpenAI pushed an urgent update on May 15, urging macOS installs to upgrade by June 12 to patch the vuln. Windows/Android/iOS unaffected.

6/ npm supply-chain attacks like this follow a pattern: SolarWinds (2020), XZ Utils (2024), and now TanStack. Malicious code hides in deps, activates only in dev/prod pipelines. npm's 2.5M packages make vetting tough—only 0.1% audited deeply.

7/ OpenAI's response: Mandatory MFA resets for all devs, full disk forensics on affected machines, and npm audit integration into CI/CD. They've banned unvetted TanStack deps company-wide pending review. No breach of core models or API keys detected.

8/ Broader impact? TanStack suspended publishes; npm now requires 2FA for maintainers over 100 installs/week. OpenAI's disclosure is rare transparency—most firms downplay dev incidents. Min Choi, security analyst, called it "a wake-up for AI firms on dep hygiene."

9/ Developers: Run `npm audit`, pin deps, use tools like Socket.dev or Whitesource. For TanStack users, stick to v3.1.4 or v4 beta. OpenAI's June 12 deadline ensures fleet-wide patching—miss it, risk local exploits.

10/ This hit underscores AI's dev-heavy stack vulnerability. OpenAI builds on npm like everyone; one bad package ripples fast. Track updates via OpenAI's security blog—no signs of actor attribution yet, but infra ties point to state-sponsored. Stay vigilant.
