Other2026-05-13
Mistral packages caught in 'Mini Shai-Hulud' OSS supply-chain attack

AI Analysis
A sprawling supply-chain attack dubbed 'Mini Shai-Hulud' compromised hundreds of open-source packages, including TanStack and MistralAI repositories. The incident targets the OSS ecosystem broadly and raises fresh concerns about provenance and signing for AI-adjacent dependencies — landing the same week as the Hugging Face fake-OpenAI-repo incident.