This is a developing event and has been generated by AI. Details may change as more information becomes available and human review is completed.
TanStack npm Supply Chain Attack Affects OpenAI and AI Ecosystem – May 2026
Impact Assessment Rationale
The attack affects a widely used open-source library and multiple AI companies including OpenAI, suggesting broad potential exposure across the technology sector. However, the article provides limited detail on confirmed data loss or financial damage, keeping impact at medium pending further disclosure.
Geographic Zone Matches
1 active match
- TRIA Certified Areas (rule-based, confidence 100%)
Geographic zone matches are RiskEvents' spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Summary
A supply chain attack targeting the popular open-source TanStack npm library and additional npm and PyPI packages has impacted several AI companies, including OpenAI. OpenAI has urged macOS users to update their software in response to the expanding campaign. The incident represents a broad supply chain compromise affecting the AI development ecosystem. The attack has prompted advisories from affected organisations and ongoing investigation.
This summary is AI-generated from linked source reports and may change as more information becomes available. See our correction policy for how to report errors.
Structured Intelligence
known
- TanStack npm library has been compromised in a supply chain attack
- Additional npm and PyPI packages tied to several AI companies are also affected
- OpenAI has asked macOS users to update their software in response
- The campaign is described as expanding
reported
- Multiple AI companies beyond OpenAI are impacted by the supply chain campaign
- Both npm and PyPI package ecosystems are involved in the attack
uncertain
- The full scope and attribution of the supply chain attack remain unclear
- The extent of data exfiltration or system compromise at affected organisations is not confirmed
- Whether the attack is ongoing or contained is not specified
Sources
Trade Media
- The Record (Cyber), 14 May 2026, 20:55
- BleepingComputer, 21 May 2026, 07:54
Timeline
Status changed to developing
Auto-promoted: multiple sources
Corroborating source
GitHub has confirmed that hackers breached approximately 3,800 internal repositories by exploiting a malicious version of the Nx Console VS Code extension, which was compromised as part of a broader TanStack npm supply-chain attack. The attack vector involved a poisoned npm package distributed through the TanStack ecosystem, which then propagated to the Nx Console extension used by developers. This represents a multi-stage software supply chain compromise affecting a major code hosting and development infrastructure platform. The full scope of data exposure across the breached repositories remains under investigation.
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.
Source: BleepingComputer (Trade Media)
Initial Detection
The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.
Source: The Record (Cyber) (Trade Media)