{"@type":"StructuredNewsArticle","access":{"license":"neupai_standard","structured_data":"free","full_text_access":null,"full_text_available":false,"attribution_required":true},"content":{"claims":[{"id":"c1","type":"fact","as_of":"2026-05","figures":null,"insight":null,"as_of_raw":"May 2026","statement":"Some OpenAI employee devices were compromised and parts of internal source code were stolen","comparison":null,"expiry_hint":null,"source_type":"company_disclosure","as_of_explicit":false},{"id":"c2","type":"fact","as_of":"2026-05-11","figures":null,"insight":null,"as_of_raw":"May 11","statement":"Attackers planted 84 malicious versions across 42 packages in the npm repository in just 6 minutes on May 11","comparison":null,"expiry_hint":null,"source_type":"industry_estimate","as_of_explicit":true},{"id":"c3","type":"fact","as_of":"2026-05-11","figures":null,"insight":null,"as_of_raw":"May 11","statement":"Attackers planted malicious versions in 42 packages","comparison":null,"expiry_hint":null,"source_type":"industry_estimate","as_of_explicit":true},{"id":"c4","type":"fact","as_of":"2026-05-11","figures":null,"insight":null,"as_of_raw":"May 11","statement":"84 malicious versions were planted in the npm repository","comparison":null,"expiry_hint":null,"source_type":"industry_estimate","as_of_explicit":true},{"id":"c5","type":"fact","as_of":"2026-05-11","figures":null,"insight":null,"as_of_raw":"in about 20 minutes","statement":"External researchers detected and reported this in about 20 minutes","comparison":null,"expiry_hint":null,"source_type":"industry_estimate","as_of_explicit":false},{"id":"c6","type":"fact","as_of":"2026-05","figures":null,"insight":null,"as_of_raw":"May 2026","statement":"Damage spread to over 160 packages in the npm and PyPI ecosystems","comparison":null,"expiry_hint":null,"source_type":"industry_estimate","as_of_explicit":false}],"topics":["security","cybersecurity","open source","software","ai"],"summary":"A supply chain attack through the open source library TanStack affected OpenAI and others, but user data was confirmed to be safe. The attackers planted 84 malicious versions across 42 packages in just 6 minutes, with damage spreading to over 160 packages.","entities":[{"name":"OpenAI","type":"company","metadata":{"parent":null,"ticker":null},"canonical_id":"corp:us:openai","role_in_article":"primary_subject"},{"name":"TanStack","type":"product","metadata":{"parent":null,"ticker":null},"canonical_id":"product:xx:kabka","role_in_article":"mentioned"},{"name":"Mistral AI","type":"company","metadata":{"parent":null,"ticker":null},"canonical_id":"corp:fr:mistral-ai","role_in_article":"mentioned"},{"name":"UiPath","type":"company","metadata":{"parent":null,"ticker":null},"canonical_id":"corp:us:uipath","role_in_article":"mentioned"},{"name":"TeamPCP","type":"organization","metadata":{"parent":null,"ticker":null},"canonical_id":"org:xx:kpcp","role_in_article":"mentioned"}],"headline":"TanStack open source supply chain attack hits OpenAI and others...\"User data is safe\" - Tech42","geography":["KR"],"ai_emotional_context":{"arousal":0,"valence":0,"primary_emotions":[],"emotional_triggers":[],"secondary_emotions":[]}},"@context":"https://neupai.io/schema/v0.2","identity":{"ai_url":null,"author":"버트","language":"en","publisher":{"name":"테크42","type":"online","domain":"www.tech42.co.kr"},"article_id":"tech42_20260514_tanstack-supply-chain-attack-openai","updated_at":null,"originality":"self_produced","article_type":"straight_news","published_at":"2026-05-14T23:32:58.000Z","canonical_url":"https://www.tech42.co.kr/%ed%83%a0%ec%8a%a4%ed%83%9d-%ec%98%a4%ed%94%88%ec%86%8c%ec%8a%a4-%ea%b3%b5%ea%b8%89%eb%a7%9d-%ea%b3%b5%ea%b2%a9-%ec%98%a4%ed%94%88ai%ea%b9%8c%ec%a7%80-%ed%94%bc%ed%95%b4-%ec%82%ac%ec%9a%a9/?utm_source=rss&utm_medium=rss&utm_campaign=%25ed%2583%25a0%25ec%258a%25a4%25ed%2583%259d-%25ec%2598%25a4%25ed%2594%2588%25ec%2586%258c%25ec%258a%25a4-%25ea%25b3%25b5%25ea%25b8%2589%25eb%25a7%259d-%25ea%25b3%25b5%25ea%25b2%25a9-%25ec%2598%25a4%25ed%2594%2588ai%25ea%25b9%258c%25ec%25a7%2580-%25ed%2594%25bc%25ed%2595%25b4-%25ec%2582%25ac%25ec%259a%25a9"},"temporal":{"freshness":"recent","next_update_expected":null},"provenance":{"source_chain":["primary_reporting"],"related_articles":[],"original_source_url":null}}