Another package manager supply chain attack ongoing:
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
This one affects tanstack, mistral, opensearch and many others. You really don't want to be doing deployments that aren't gated by release time dependency anymore. Pin your package versions to known good releases.
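One way to enforce both pieces of advice in CI, as an added example that is not part of the original post: reject any dependency that is not pinned to an exact version or whose pinned release is younger than a cooldown window. The function names, the 7-day window and all sample packages and timestamps are assumptions made for illustration; the `registryTimes` shape mirrors the `time` object in npm registry package metadata.

```javascript
// Added example: exact-pin check plus release-age ("cooldown") gate.
// Package names, versions and timestamps are constructed sample data.
const DAY_MS = 24 * 60 * 60 * 1000;

// True only for an exact version such as "1.2.3" (no ^, ~, ranges, tags, URLs).
function isExactPin(spec) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.test(spec);
}

// `times` maps version -> ISO publish timestamp, like the registry `time` object.
function ageInDays(times, version, now) {
  const published = Date.parse(times[version]);
  if (Number.isNaN(published)) return null; // no publish time known: fail closed
  return (now - published) / DAY_MS;
}

// Returns a list of findings; an empty list means the manifest passes the gate.
function gateDependencies(deps, registryTimes, now, minAgeDays) {
  const findings = [];
  for (const [name, spec] of Object.entries(deps)) {
    if (!isExactPin(spec)) {
      findings.push({ name, spec, reason: "not-pinned" });
      continue;
    }
    const age = ageInDays(registryTimes[name] || {}, spec, now);
    if (age === null) findings.push({ name, spec, reason: "no-publish-time" });
    else if (age < minAgeDays) findings.push({ name, spec, reason: "too-new" });
  }
  return findings;
}

// Constructed sample manifest and registry metadata.
const sampleDeps = {
  "example-router": "2.4.1",  // pinned and old enough: passes
  "example-query": "^5.0.0",  // range specifier: rejected
  "example-table": "8.1.0",   // pinned but published 12 hours ago: rejected
  "example-missing": "1.0.0", // no publish time available: rejected
};
const sampleTimes = {
  "example-router": { "2.4.1": "2025-01-01T00:00:00.000Z" },
  "example-query": { "5.0.0": "2024-06-01T00:00:00.000Z" },
  "example-table": { "8.1.0": "2025-03-09T12:00:00.000Z" },
};
const sampleNow = Date.parse("2025-03-10T00:00:00.000Z");

console.log(gateDependencies(sampleDeps, sampleTimes, sampleNow, 7));
```

A pipeline would fail the build whenever the returned list is non-empty, so a freshly published release cannot reach a deployment until it has aged past the window.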