Guide

Mini Shai-Hulud npm worm: detect, rotate, and shrink your blast radius

2026年5月16日 | 8 min read

TanStack, Mistral AI, and UiPath npm packages got hit on May 11, 2026. A 60-second detection script, a rotation-first checklist, and the single-purpose APIs that replace four of the most-poisoned package types.

Code on a terminal representing an npm supply chain incident response — Photo by Caspar Camille Rubin on Unsplash

This article is available in English.

Read full article in English

开始使用 botoi 构建

150+ 个 API 端点，涵盖查询、文本处理、图片生成和开发者工具。免费套餐，无需信用卡。

查看 API 文档浏览所有工具