The TanStack Attack: How a Worm Slipped Through the npm Pipeline

DEV Community·jesus manrique·17 days ago

On May 11, 2026, between 19:20 and 19:26 UTC, the most sophisticated supply chain attack the npm ecosystem has ever seen took place. In just six minutes, 84 malicious versions were published across 42 packages in the @tanstack namespace. It wasn't a hacker stealing credentials. It was TanStack's own legitimate pipeline, using its verified identity, executing code that no one had written. And from there, the worm spread to Mistral AI, UiPath, OpenSearch, and over 160 additional packages.

The cruelest irony? The malicious packages carried valid SLSA provenance signatures. The tool designed to tell us "this package is safe" said exactly the opposite.

How it happened: three chained vulnerabilities

The attack — attributed to the TeamPCP group and dubbed "Mini Shai-Hulud" — didn't exploit a bug. It exploited three perfectly documented behaviors that, when combined, were lethal.

Step 1: The PR no one would suspect

On May 10, an attacker forked the TanStack/router repository under a new account.…
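The article's point that valid SLSA provenance said nothing about the code itself suggests a complementary check that does not depend on provenance at all: flagging unusual publication bursts in a package's registry metadata (the incident above published dozens of versions within six minutes) and cross-checking a lockfile against versions published inside a known incident window. The script below is an added example, not code from the article or from TanStack. The package names, versions and timestamps are constructed for illustration; the only real-world assumption is the layout of the npm registry's `time` field (a version-to-ISO-timestamp map plus `created`/`modified` keys) and of `package-lock.json` v2/v3 `packages` entries.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of an npm registry document's "time" field.
# Versions and timestamps are invented for this example; they are not
# the real release history of any @tanstack package.
SAMPLE_TIME_FIELD = {
    "created": "2024-01-05T10:00:00.000Z",
    "modified": "2026-05-11T19:25:40.000Z",
    "1.120.0": "2026-04-20T14:02:11.000Z",
    "1.120.1": "2026-04-28T09:15:30.000Z",
    "1.121.0": "2026-05-06T16:40:05.000Z",
    "1.121.1": "2026-05-11T19:21:02.000Z",  # inside the constructed incident window
    "1.121.2": "2026-05-11T19:23:48.000Z",  # inside the constructed incident window
}

# Constructed package-lock.json (lockfileVersion 3) excerpt; "@example/..." is a
# hypothetical scope, not a real package.
SAMPLE_LOCKFILE = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/@example/router": {"version": "1.121.2"},
        "node_modules/@example/other": {"version": "2.0.0"},
        "node_modules/@example/other/node_modules/@example/router": {"version": "1.120.1"},
    },
}


def parse_npm_time(ts):
    """Parse the registry's ISO 8601 UTC timestamp (millisecond precision, trailing Z)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def version_publish_times(time_field):
    """Return (publish_time, version) pairs sorted by time, skipping the metadata keys."""
    return sorted(
        (parse_npm_time(ts), version)
        for version, ts in time_field.items()
        if version not in ("created", "modified")
    )


def find_publish_bursts(time_field, window=timedelta(minutes=10), min_versions=2):
    """Group versions whose publish times fall within `window` of the first in the group.

    Returns a list of bursts, each a list of version strings in publish order.
    A legitimate release train rarely ships several versions minutes apart, so a
    burst is a cheap anomaly signal worth an analyst's look before upgrading.
    """
    events = version_publish_times(time_field)
    bursts = []
    i = 0
    while i < len(events):
        j = i
        while j + 1 < len(events) and events[j + 1][0] - events[i][0] <= window:
            j += 1
        if j - i + 1 >= min_versions:
            bursts.append([version for _, version in events[i:j + 1]])
        i = j + 1
    return bursts


def versions_in_window(time_field, start, end):
    """Versions published inside a known incident window (inclusive bounds)."""
    return [version for t, version in version_publish_times(time_field) if start <= t <= end]


def lockfile_hits(lockfile, suspect_versions_by_name):
    """Match lockfile entries (including nested node_modules paths) against suspect versions.

    `suspect_versions_by_name` maps a package name to a set of version strings.
    Returns (name, version) pairs found in the lockfile.
    """
    hits = []
    for path, entry in lockfile.get("packages", {}).items():
        if not path.startswith("node_modules/"):
            continue  # the root project entry ("") is not a dependency
        name = path.rsplit("node_modules/", 1)[1]  # last segment after the deepest node_modules/
        if entry.get("version") in suspect_versions_by_name.get(name, ()):
            hits.append((name, entry["version"]))
    return hits


if __name__ == "__main__":
    # Constructed incident window mirroring the six-minute window described above.
    start = datetime(2026, 5, 11, 19, 20, tzinfo=timezone.utc)
    end = datetime(2026, 5, 11, 19, 26, tzinfo=timezone.utc)
    print("bursts:", find_publish_bursts(SAMPLE_TIME_FIELD))
    suspect = {"@example/router": set(versions_in_window(SAMPLE_TIME_FIELD, start, end))}
    print("suspect versions:", suspect)
    print("lockfile hits:", lockfile_hits(SAMPLE_LOCKFILE, suspect))
```

In practice the `time` field comes from `GET https://registry.npmjs.org/<package>` and the lockfile from the repository being audited; the burst detector is a triage signal, not proof of compromise, and the lockfile check only tells you whether a pinned version falls inside a window you already know about.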
