Compromised packages, npm attack #2489

cutie-hashi · 2026-05-15T13:27:23Z

cutie-hashi
May 15, 2026

Hello, there was an supply chain attack from the 11-13th and these following packages which include multiple (still available) versions were compromised. I was hacked from the result of installing this plugin, please do proper deep researches to fix it.
The "Mini Shai-Hulud" worm is still actively infecting new packages every hour.

node-ipc
mistralai
transformers. pyz
comfyui-frontend

Zamindar-Coder · 2026-05-16T07:56:23Z

Zamindar-Coder
May 16, 2026

Thanks bud

0 replies

FabioLe23 · 2026-05-16T15:34:17Z

FabioLe23
May 16, 2026

on which operating system windows or linux.

2 replies

cutie-hashi May 16, 2026
Author

Im on windows

FabioLe23 May 18, 2026

Thanks for the reply.
I use Linux Mint, so I shouldn't have these problems.

Acly · 2026-05-16T15:39:11Z

Acly
May 16, 2026
Maintainer

The last plugin release was on May 3rd, long before the attack?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Compromised packages, npm attack #2489

Uh oh!

{{title}}

Uh oh!

Replies: 3 comments 2 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Compromised packages, npm attack #2489

Uh oh!

cutie-hashi May 15, 2026

Replies: 3 comments · 2 replies

Uh oh!

Zamindar-Coder May 16, 2026

Uh oh!

FabioLe23 May 16, 2026

Uh oh!

cutie-hashi May 16, 2026 Author

Uh oh!

FabioLe23 May 18, 2026

Uh oh!

Acly May 16, 2026 Maintainer

cutie-hashi
May 15, 2026

Replies: 3 comments 2 replies

Zamindar-Coder
May 16, 2026

FabioLe23
May 16, 2026

cutie-hashi May 16, 2026
Author

Acly
May 16, 2026
Maintainer