{"@context":"https://neupai.io/schema/v0.2","@type":"StructuredNewsArticle","identity":{"article_id":"tech42_20260514_tanstack-supply-chain-attack-openai","canonical_url":"https://www.tech42.co.kr/%ed%83%a0%ec%8a%a4%ed%83%9d-%ec%98%a4%ed%94%88%ec%86%8c%ec%8a%a4-%ea%b3%b5%ea%b8%89%eb%a7%9d-%ea%b3%b5%ea%b2%a9-%ec%98%a4%ed%94%88ai%ea%b9%8c%ec%a7%80-%ed%94%bc%ed%95%b4-%ec%82%ac%ec%9a%a9/?utm_source=rss&utm_medium=rss&utm_campaign=%25ed%2583%25a0%25ec%258a%25a4%25ed%2583%259d-%25ec%2598%25a4%25ed%2594%2588%25ec%2586%258c%25ec%258a%25a4-%25ea%25b3%25b5%25ea%25b8%2589%25eb%25a7%259d-%25ea%25b3%25b5%25ea%25b2%25a9-%25ec%2598%25a4%25ed%2594%2588ai%25ea%25b9%258c%25ec%25a7%2580-%25ed%2594%25bc%25ed%2595%25b4-%25ec%2582%25ac%25ec%259a%25a9","ai_url":null,"publisher":{"name":"테크42","domain":"www.tech42.co.kr","type":"online"},"author":"버트","published_at":"2026-05-14T23:32:58.000Z","updated_at":null,"language":"en","article_type":"straight_news","originality":"self_produced"},"content":{"headline":"TanStack open source supply chain attack hits OpenAI and others...\"User data is safe\" - Tech42","summary":"A supply chain attack through the open source library TanStack affected OpenAI and others, but user data was confirmed to be safe. The attackers planted 84 malicious versions across 42 packages in just 6 minutes, with damage spreading to over 160 packages.","topics":["security","cybersecurity","open source","software","ai"],"geography":["KR"],"entities":[{"name":"OpenAI","canonical_id":"corp:us:openai","type":"company","role_in_article":"primary_subject","metadata":{"ticker":null,"parent":null}},{"name":"TanStack","canonical_id":"product:xx:kabka","type":"product","role_in_article":"mentioned","metadata":{"ticker":null,"parent":null}},{"name":"Mistral AI","canonical_id":"corp:fr:mistral-ai","type":"company","role_in_article":"mentioned","metadata":{"ticker":null,"parent":null}},{"name":"UiPath","canonical_id":"corp:us:uipath","type":"company","role_in_article":"mentioned","metadata":{"ticker":null,"parent":null}},{"name":"TeamPCP","canonical_id":"org:xx:kpcp","type":"organization","role_in_article":"mentioned","metadata":{"ticker":null,"parent":null}}],"claims":[{"id":"c1","statement":"Some OpenAI employee devices were compromised and parts of internal source code were stolen","as_of":"2026-05","as_of_explicit":false,"as_of_raw":"May 2026","source_type":"company_disclosure","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c2","statement":"Attackers planted 84 malicious versions across 42 packages in the npm repository in just 6 minutes on May 11","as_of":"2026-05-11","as_of_explicit":true,"as_of_raw":"May 11","source_type":"industry_estimate","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c3","statement":"Attackers planted malicious versions in 42 packages","as_of":"2026-05-11","as_of_explicit":true,"as_of_raw":"May 11","source_type":"industry_estimate","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c4","statement":"84 malicious versions were planted in the npm repository","as_of":"2026-05-11","as_of_explicit":true,"as_of_raw":"May 11","source_type":"industry_estimate","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c5","statement":"External researchers detected and reported this in about 20 minutes","as_of":"2026-05-11","as_of_explicit":false,"as_of_raw":"in about 20 minutes","source_type":"industry_estimate","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c6","statement":"Damage spread to over 160 packages in the npm and PyPI ecosystems","as_of":"2026-05","as_of_explicit":false,"as_of_raw":"May 2026","source_type":"industry_estimate","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null}],"ai_emotional_context":{"valence":0,"arousal":0,"primary_emotions":[],"secondary_emotions":[],"emotional_triggers":[]}},"provenance":{"source_chain":["primary_reporting"],"original_source_url":null,"related_articles":[]},"temporal":{"freshness":"recent","next_update_expected":null},"access":{"license":"neupai_standard","attribution_required":true,"structured_data":"free","full_text_available":false,"full_text_access":null}}