Skip to content

Let's Data ScienceLEARN • BUILD • STAY AHEAD

News
Blog
Code Problems
Pricing
Contact

© 2026 Let's Data Science

Advertise|Terms|Privacy||Image Rights

NewsHackers Hijack 169 Popular npm Packages

Security & Risknpm securitysupply chainwormoidc tokens

Hackers Hijack 169 Popular npm Packages

|May 12, 2026

7.2

Relevance Score

Hackers Hijack 169 Popular npm Packages — Photo: techjuice.pk · rights & takedowns

A Mini Shai-Hulud worm compromises 169 npm packages, including TanStack Mistral AI. The campaign hijacks popular developer packages and compromises projects that depend on them. Threat actor TeamPCP uses stolen OIDC tokens in the operation.

Scoring Rationale

Large-scale supply-chain compromise affecting 169 widely used packages, including an AI package, and involving stolen OIDC tokens; significant risk to developer ecosystems.

Newsletter·Weekly · Free

Weekly AI News

A 5-minute Monday brief on AI & data science. Curated, no fluff.

Email address

No spam. Privacy.

Practice interview problems based on real data

1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.

Try 250 free problems

More AI & Data Science News

Arm announces AGI-focused processors and new developer language

Arm announces AGI-focused processors and new developer language

ENERtec Asia and ETCon26 Form Integrated Energy-AI Platform

ENERtec Asia and ETCon26 Form Integrated Energy-AI Platform

Vibe Coding Floods App Market, Raises Competition

Vibe Coding Floods App Market, Raises Competition

UCF Speaker Booed Over Pro-AI Remarks

UCF Speaker Booed Over Pro-AI Remarks

Back to News Feed

News on Let's Data Science is compiled from multiple public sources with editorial oversight. See our Editorial Standards and Corrections Policy.