SlowMist Says npm Worm Hit Trusted Developer Projects Including TanStack and UiPath
According to SlowMist, the "Mini Shai-Hulud" npm worm used hijacked GitHub credentials to push malicious package updates that stole sensitive development and wallet data.