Hello.
There is a new npm supply chain attack.
For more information, please refer to "Mini Shai-Hulud" search in X.
The risk of VibeCoding using AI Agents has increased.
First, please see the Geeknews article.
Return of Mini Shai-Hulud: Self-Propagating Supply Chain Attack Hits npm Ecosystem (5/11)
https://news.hada.io/topic?id=29427
Many AI-related packages appear to have been targeted.
The packages discovered so far are summarized on the following site.
TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
You may also want to read the following article about supply chain attacks.
Reducing npm Package Supply Chain Attacks with Minimum Release Age
https://velog.io/@okorion/Minimum-Release-Age로-npm-패키지-공급망-공격을-줄이기-p6qaw1m8