A massive campaign: 170+ packages and 400+ malicious versions published. What we saw is that not a single maintainer account was compromised. TanStack and Mistral AI are the names that stand out.
The buck stops at the fact that it isn’t safe. Which is partially a cultural problem. And npm users worked hard to get to that place - it’s not the case that they were not given warnings.