massive campaign for 170+ packages and 400+ malicious versions published. what we saw that not a single maintainer account compromised. tanStack and Mistral AI these are the names that stand out.
massive campaign for 170+ packages and 400+ malicious versions published. what we saw that not a single maintainer account compromised. tanStack and Mistral AI these are the names that stand out.
So how does this actually work? Lets say there is a package called A version 2.2.1. Other creates a fake package A 2.2.2 with malicous script and publishes it in npm. My question is why would anyone install this if it is not coming from the original package’s publisher? Would an automated updater even use these packages for an update if it is not coming from the same publisher? My second question is did this attacker use hundereds of different accounts to publish these hundereds of packages? If not isn’t it suspicious that a single account published so many packages all at once?
it was coming from the original package publisher. tanstack was cache poisoning via pr, so no account credentials were stolen but it was published as a normal update
https://tanstack.com/blog/npm-supply-chain-compromise-postmortem
and then other packages like mistral were affected because they depend on tanstack so those were direct credential hijacks?
probably not, I haven’t seen any other post mortems but the tanstack ones were only up for 20 minutes so really low chance. I wouldn’t be surprised if they were all a similar approach and that’s why they all happened at the same time