
OpenAI said Wednesday it found no evidence that user data was accessed after a supply-chain attack involving TanStack npm, a widely used open-source JavaScript library. The ChatGPT maker is now urging macOS users to update their apps by June 12th.
- OpenAI said two employee devices were impacted after attackers compromised the TanStack npm open-source library earlier this week.
- The company said no evidence suggests production systems, intellectual property, or user data were compromised.
- OpenAI is rotating code-signing certificates and requiring macOS users to update their applications.
According to OpenAI, attackers exfiltrated limited credential material from affected code repositories after two employee devices inside the company’s corporate environment were compromised.
Hackers inject malware into TanStack npm packages
The incident is tied to a broader supply-chain attack that took place earlier this week against the npm packages of TanStack, an open-source library widely used by developers building JavaScript and TypeScript applications.
Hackers were said to have injected the Mini Shai-Hulud malware into hundreds of packages on NPM (Node Package Manager) between 19:20 and 19:26 UTC on Monday, publishing 84 malicious versions across 42 TanStack packages.
Reportedly, any malicious package pulled by a developer would have exposed that developer's credentials to the attackers, while the malware self-propagated to other packages tied to the compromised account.
Once a victim who realized they had been compromised attempted to rotate the stolen tokens, the malware would automatically run a command to wipe the entire root directory.
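Because the article pins the malicious publishes to a six-minute window, a defender can check a project's lockfile against npm registry publish timestamps. The following is an added example, not OpenAI's or TanStack's own tooling; the registry metadata, lockfile, package names, version numbers and the year are all constructed placeholders, not the real malicious releases.

```python
"""Flag @tanstack/* entries in a package-lock.json whose npm publish time falls
inside the six-minute window the article cites (19:20-19:26 UTC, Monday 11 May).
Added defender example, not OpenAI's or TanStack's tooling; all data is constructed."""
import json
from datetime import datetime, timezone
# Window from the article; the year is assumed, the page gives only the day.
WINDOW_START = datetime(2026, 5, 11, 19, 20, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 5, 11, 19, 26, tzinfo=timezone.utc)

# Constructed stand-in for GET https://registry.npmjs.org/<name>: only the
# "time" map (version -> ISO publish timestamp) a real response carries.
# Package names and versions are placeholders, not the real malicious releases.
REGISTRY_TIME = {
    "@tanstack/example-core": {
        "5.0.0": "2026-03-02T10:15:00.000Z",
        "5.0.1": "2026-05-11T19:22:41.000Z",  # inside the window
    },
    "@tanstack/example-react": {"5.0.0": "2026-03-02T10:16:00.000Z"},
}

# Constructed lockfileVersion 3 fragment; keys are install paths.
LOCKFILE = json.dumps({"lockfileVersion": 3, "packages": {
    "node_modules/@tanstack/example-core": {"version": "5.0.1"},
    "node_modules/@tanstack/example-react": {"version": "5.0.0"},
    "node_modules/left-pad": {"version": "1.3.0"},
}})


def published_in_window(name: str, version: str) -> bool:
    """True if the registry timestamp for name@version lies inside the window."""
    stamp = REGISTRY_TIME.get(name, {}).get(version)
    if stamp is None:
        return False
    published = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    return WINDOW_START <= published <= WINDOW_END


def suspicious_tanstack_entries(lockfile_text: str) -> list[tuple[str, str]]:
    """Return sorted (name, version) pairs for @tanstack/* entries published in the window."""
    packages = json.loads(lockfile_text).get("packages", {})
    hits = []
    for path, meta in packages.items():
        name = path.rsplit("node_modules/", 1)[-1]  # strip the install path prefix
        if name.startswith("@tanstack/") and published_in_window(name, meta.get("version", "")):
            hits.append((name, meta["version"]))
    return sorted(hits)


if __name__ == "__main__":
    for name, version in suspicious_tanstack_entries(LOCKFILE):
        print(f"review: {name}@{version} was published inside the attack window")
```

Against a real project, replace `REGISTRY_TIME` with the `time` map from each package's registry document and treat a hit as a prompt to rotate any credentials the affected machine held, not as proof of compromise on its own.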
Mistral AI reportedly impacted in broader campaign
The incident comes as software supply-chain attacks continue targeting widely used developer tools, open-source packages, and code repositories.
Researchers first identified the Mini Shai-Hulud worm on April 29th as part of a broader wave of Shai-Hulud supply-chain attacks targeting open-source repositories and developer ecosystems.
StepSecurity, which first reported the compromise to TanStack’s team, attributes the supply-chain attack to TeamPCP, a financially motivated threat group that first made waves in 2025.
The French AI startup Mistral AI was also reportedly breached earlier this week as part of the TeamPCP campaign, with attackers claiming to have compromised more than 450 repositories associated with the company.
In its postmortem released Monday, TanStack said TeamPCP had published malicious versions across dozens of npm packages on May 11th after abusing GitHub Actions workflows.
OpenAI rotates certificates, urges macOS users to update
As part of its response, the AI startup is rotating its code-signing certificates, a move that will require macOS users to update their OpenAI-integrated applications, including ChatGPT and Codex.
The code-signing certificates are used to verify that its macOS applications are legitimate versions released by the company.
OpenAI said the update – which must be completed by June 12th – is meant to prevent the “however unlikely” risk of someone attempting to distribute a fake app appearing to come from OpenAI.
Users are instructed to use the in-app update process or official OpenAI download links.
OpenAI said it isolated the affected systems immediately after detecting the incident and temporarily restricted code-deployment workflows to contain the impact.
The company also said no other code or information was impacted, and there was no evidence its production systems or software had been altered during the attack.