<![CDATA[πŸ¦‹ 🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs.bsky.social into @pypi.org and is still spreading.]]>πŸ¦‹ 🚨 UPDATE: Mini Shai-Hulud has crossed from
@npmjs.bsky.social into @pypi.org and is still spreading.

Newly confirmed compromised artifacts:

@​opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads)

mistralai: 2.4.6 on PyPI

guardrails-ai: 0.10.1 on PyPI

πŸ”— https://bsky.app/profile/socket.dev/post/3mln2ck4joc2p

]]>https://board.circlewithadot.net/topic/0fe82406-989c-49e4-948c-31db1de9e8e3/update-mini-shai-hulud-has-crossed-from-@npmjs.bsky.social-into-@pypi.org-and-is-still-spreading.RSS for NodeThu, 14 May 2026 23:35:04 GMTTue, 12 May 2026 10:41:22 GMT60