1004: TanHacked

May 13, 2026

AI Summary

5 min read

The latest in a series of supply chain attacks dubbed "Shy Halud" worms—named after a Dune sandworm—has compromised popular JavaScript packages including TanStack, UIPath libraries, and Mistral AI tools, along with Python packages on PyPI. This "mini Shy Halud" follows earlier variants from September, November, and December 2025 that hit NPM packages and tools like PostHog, Zapier, and Postman. Hosts Wes Bos and Scott Tolinski explain how attackers bypassed maintainer credentials entirely, using GitHub Actions vulnerabilities to poison caches and publish malicious updates.

How the GitHub Actions Cache Was Poisoned

Attackers exploited GitHub Actions' shared cache in pull requests, specifically the pull_request_target event, which runs with elevated permissions and shares cache across PRs. They opened a pull request to TanStack repositories, injecting malicious code into the PNPM store cache during a workflow like bundle size checks. The PR was then deleted, but the poisoned cache persisted.

Continue reading the full summary in the app — free to try.

Read Full Summary →

Free • No credit card required

Listen to Audio Summary Open in App

What you'll learn

1 (00:00) **Intro to TanHacked Supply Chain Attack** - Hosts introduce TanStack and ecosystem packages hit by Shai-Hulud worm series.
2 (00:27) **History of Shai-Hulud Worms** - Overview of prior attacks: original in Sept 2025, 2.0 in Nov (PostHog, Zapier, Postman), 3.0 in Dec, now mini version.
3 (02:01) **Attack Mechanism: GitHub Actions Cache Poisoning** - Attacker poisons PNPM store cache via pull request target workflow.
4 (04:45) **Capturing NPM Publish Token** - Poisoned script fails but grabs OIDC token during cleanup for NPM publishing access.
5 (06:10) **Worm Propagation Across Ecosystem** - Compromised TanStack spreads to UIPath, Mistral, and more JS/Python packages.
6 (07:23) **Malicious Payload Behaviors** - Harvests AWS creds, injects into Claude settings.json and VS Code tasks.json for auto-execution.
7 (08:19) **Dead Man's Switch Threat** - Malware pings GitHub API; revokes trigger rm -rf on home directory.

+ Full timestamped outline available in the app

Show Notes

Scott and Wes break down the “Mini Shai-Hulud” supply chain attack that compromised TanStack and other popular npm packages through a clever GitHub Actions cache poisoning exploit; a self-propagating worm that stole credentials and persisted through Claude Code hooks and VS Code tasks. They also cover how developers can protect themselves using pnpm’s security defaults, dev containers, and other practical defenses.

Show Notes

00:00 Welcome to Syntax!
00:25 Understanding the Shai-Hulud Worm
- Post Mortem of Shai Hulud Attack
02:47 Mechanics of the Attack: GitHub Actions and Cache
05:44 Brought to you by Sentry.io
06:09 Propagation and Impact of the Worm
09:30 Preventative Measures for Developers
- Dead Man’s Switch
12:33 The Role of Package Managers in Security
- Block Exotic Subdeps
18:39 Using Dev Containers
- Why You Should Use Dev Containers
- Scott Tolinski’s Security Review
20:57

More from this podcast
Syntax - Tasty Web Development Treats →