On May 11, 2026, TeamPCP launched coordinated software supply chain attacks targeting the npm and PyPI ecosystems. Over roughly six hours, the attacker published dozens of trojanized packages across multiple namespaces, including several high-profile and trusted publishers.
The attack began around 2000 UTC with the @tanstack namespace, including @tanstack/react-router (~12M weekly downloads). Additional compromises later affected packages associated with @uipath, @mistralai, @draftauth, @draftlab, @opensearch-project, and numerous smaller publishers.
Unlike traditional npm compromises involving stolen credentials, these malicious versions were published through legitimate trusted publishing workflows using valid GitHub Actions OIDC identities. As a result, package provenance, trusted publishing metadata, and package signing alone should not be considered indicators that affected releases were safe.