170 Packages. 518 Million Downloads. One Worm.
A self-propagating supply chain worm called Mini Shai-Hulud compromised TanStack, Mistral AI, UiPath, and 170+ npm/PyPI packages in hours. Then Nx Console got hijacked on the VS Code Marketplace. Here is what happened, what got stolen, and exactly how to check if you are affected.