Back to Intelligence

TanStack 'Mini Shai-Hulud' Supply Chain Attack: IOC Analysis and macOS Hardening

SA
Security Arsenal Team
May 16, 2026
5 min read

OpenAI recently confirmed that two of its corporate macOS devices were compromised during the TanStack supply chain attack, dubbed "Mini Shai-Hulud." While the company stated that no user data or production systems were affected, this incident highlights a critical vulnerability in modern development environments: the implicit trust placed in open-source package managers. For defenders, this is not a theoretical risk; it is an active exploitation scenario where a trusted development tool became a vector for initial access. Immediate action is required to audit dependency chains and detect malicious post-install scripts running on developer workstations.

Technical Analysis

Threat Actor/Operation: Mini Shai-Hulud Affected Products: TanStack open-source libraries (including React Query, Table, etc.) distributed via npm. Platform: macOS (specifically targeted in the OpenAI incident), though the vector impacts all Node.js environments. CVE Identifiers: CVEs are pending assignment, but this is a confirmed supply chain compromise. Attack Chain:

  1. Compromise: Attackers gained access to the maintainer's npm account or build pipeline.
  2. Injection: Malicious code was injected into the postinstall scripts of specific TanStack package versions.
  3. Execution: When developers or CI/CD pipelines ran npm install, the malicious script executed automatically.
  4. Payload: On macOS, the payload attempted to download and execute a second-stage binary or establish persistence, forcing OpenAI to enforce macOS updates to mitigate the threat.

Exploitation Status: Confirmed Active Exploitation. This is not a proof-of-concept; it has been detected in a corporate environment targeting high-value targets.

Detection & Response

The following detection mechanisms focus on identifying anomalous behavior from npm (Node Package Manager) and node processes, specifically the execution of unauthorized sub-shells or network connections triggered during package installation—key TTPs of the Mini Shai-Hulud attack.

YAML
---
title: Potential Malicious NPM Postinstall Script Execution
id: 8a2b1c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d
status: experimental
description: Detects npm or node processes spawning shell commands, indicative of malicious postinstall scripts often used in supply chain attacks like Mini Shai-Hulud.
references:
  - https://thehackernews.com/2026/05/tanstack-supply-chain-attack-hits-two.html
author: Security Arsenal
date: 2026/05/12
tags:
  - attack.initial_access
  - attack.execution
  - attack.t1195.002
logsource:
  category: process_creation
  product: macos
detection:
  selection_parent:
    ParentImage|endswith:
      - '/npm'
      - '/node'
  selection_child:
    Image|endswith:
      - '/sh'
      - '/bash'
      - '/zsh'
      - '/curl'
      - '/wget'
  condition: selection_parent and selection_child
falsepositives:
  - Legitimate build scripts using shell utilities (verify specific package activity)
level: high
---
title: Suspicious Outbound Connection from Node Process
id: 9b3c2d4e-5f6a-7b8c-9d0e-1f2a3b4c5d6e
status: experimental
description: Detects network connections initiated directly by node or npm shortly after process start, a common C2 beaconing behavior in compromised packages.
references:
  - https://thehackernews.com/2026/05/tanstack-supply-chain-attack-hits-two.html
author: Security Arsenal
date: 2026/05/12
tags:
  - attack.command_and_control
  - attack.t1071.001
logsource:
  category: network_connection
  product: macos
detection:
  selection:
    Image|endswith:
      - '/node'
      - '/npm'
    Initiated: 'true'
  filter:
    DestinationIp|cidr:
      - '127.0.0.0/8'
      - '10.0.0.0/8'
      - '172.16.0.0/12'
      - '192.168.0.0/16'
  condition: selection and not filter
falsepositives:
  - Legitimate npm registry connections (registry.npmjs.org)
level: medium

Microsoft Sentinel / Defender KQL

Hunt for processes spawned by package managers that typically shouldn't spawn shells or network utilities.

KQL — Microsoft Sentinel / Defender
DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName in ("npm", "node", "yarn", "pnpm")
| where FileName in ("sh", "bash", "zsh", "curl", "wget", "python", "python3")
| project Timestamp, DeviceName, AccountName, InitiatingProcessCommandLine, FileName, CommandLine, SHA256
| order by Timestamp desc

Velociraptor VQL

Hunt for suspicious child processes spawned by npm or node on endpoints.

VQL — Velociraptor
-- Hunt for npm or node spawning shells or network tools
SELECT Pid, Name, CommandLine, Exe, Username, Parent.Pid AS ParentPid, Parent.Name AS ParentName, Parent.CommandLine AS ParentCmd
FROM pslist()
WHERE Parent.Name in ("node", "npm", "yarn")
  AND Name in ("sh", "bash", "zsh", "curl", "wget")

Remediation Script (Bash)

Run this script on macOS/Linux developer workstations to audit for installed TanStack versions and clear the npm cache to prevent reinstallation of malicious artifacts.

Bash / Shell
#!/bin/bash

# Audit TanStack packages in project directories
echo "[+] Auditing local projects for TanStack packages..."
find ~ -type f -name "package." -exec grep -l "@tanstack" {} \; 2>/dev/null | while read file; do
    echo "Found TanStack dependency in: $file"
    dir=$(dirname "$file")
    # Check for specific compromised versions if available, otherwise flag all for review
    npm list --depth=0 2>/dev/null | grep "@tanstack"
done

# Force clean npm cache to remove potentially malicious tarballs
echo "[+] Cleaning npm cache to remove potentially malicious artifacts..."
npm cache clean --force

# Verify integrity of node_modules (requires package-lock.)
echo "[+] Verifying package integrity..."
# This command checks the local packages against the hashes in package-lock.
if [ -f "package-lock." ]; then
    npm ci 2>/dev/null || echo "Warning: Integrity check failed or package-lock missing. Manual audit required."
else
    echo "No package-lock. found in current directory. Skipping integrity check."
fi

echo "[+] Remediation steps completed. Please review 'npm audit' output."
npm audit

Remediation

  1. Update Dependencies: Immediately update all TanStack libraries (e.g., @tanstack/react-query, @tanstack/table) to the latest patched versions available in the npm registry.
  2. macOS Updates: Ensure all macOS endpoints are updated to the latest OS version and XProtect definitions are current. OpenAI noted that macOS updates were forced to mitigate specific payload behaviors.
  3. Node Module Re-installation: Delete existing node_modules folders and package-lock. files, then reinstall dependencies using npm ci or yarn install --frozen-lockfile to ensure clean, verified packages are pulled from the registry.
  4. Audit CI/CD Pipelines: Check CI/CD logs for evidence of the compromised package versions being pulled during build processes. Rotate any secrets or credentials stored in environment variables that may have been exposed to build agents during the compromise window.

Related Resources

Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment vulnerability-management Intel Hub

sigma-rulekql-detectionthreat-huntingdetection-engineeringsiem-detectiontanstacksupply-chainnpm

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.

Book a SOC AssessmentSee AlertMonitor in Action