May 2026 - NPM + PyPI Supply Chain Attack: How to Delay Dependency Updates
On May 11, 2026, a coordinated attack on the supply chain compromised over 170 npm packages and 2 PyPI packages, resulting in a total of 404 malicious versions. The attacker targeted the entire TanStack router ecosystem (42 packages), Mistral AI’s SDK suite (on both npm and PyPI), UiPath’s automation tooling (65 packages), OpenSearch (1.3 million weekly npm downloads) and Guardrails AI (PyPI). This is one of the biggest coordinated registry poisoning events we’ve seen in 2026, and it’s the first time both npm and PyPI have been affected in a single campaign.
Of course, this is not the first time these attacks have happened. The incident in September involved NPM support impersonators gaining access to a user’s account through social engineering. The crypto-stealing malware was detected and stopped before doing any damage.
In November, a sophisticated worm named Shai-Hulud 2.0 exploited a back door to compromise 796 NPM packages. This malware installed an executable bun script that scanned for GitHub tokens, cloud credentials, npm tokens and filesystem API keys and passwords.
In March 2026, Axios, a popular JavaScript library used to simplify HTTP requests, became a target. An attacker introduced a malicious dependency called ‘plain-crypto-js’. This cleverly disguised itself as a dropper and installed the WAVESHAPER.V2 backdoor on Windows, macOS, and Linux.
Photo by Pixabay from Pexels: https://www.pexels.com/photo/security-logo-60504/
What Is a Supply Chain Attack?
Supply chain attacks via NPM occur when malicious actors infiltrate open-source JavaScript packages on the NPM registry and inject harmful code. Since developers and automated CI/CD systems continually grab these dependencies, a compromised package can quietly spread to millions of web applications, developer computers, and business servers.
What Can you do?
For developers who work on their local machine, you can use dev containers. This sandboxes your development environment from the rest of your computer. Another solution is to delay any updates to your packages, allowing any security issues to be detected.
How do I delay any updates?
Depending on which package manager you use, there are different ways:
NPM
NPM doesn’t have this enabled by default. To enable it globally, run the following in the terminal. It uses a setting called min-release-age. I use Node Version Manager on my Mac, so this is added to a npmrc file inside the /Users/username/.nvm/versions/node/v25.9.0/etc folder.
npm config set min-release-age=1
PNPM
The pnpm-workspace.yaml config file includes a setting called minimumReleaseAge, which defaults to 1440. To change this per project, simply edit the yaml file in your project root directory.
Bun
Buns doesn’t include this feature by default. To enable it globally, create a .bunfig.toml config file in your home directory. Alternatively, you can use it on a per-project basis by adding the toml file to the root directory of your project.
[install]
# Only install package versions published at least 3 days ago
minimumReleaseAge = 86400Yarn
Yarn has this security feature enabled by default. The period is set to 3 days before installing or updating dependencies. The setting is npmMinimalAgeGate:"3d" and it resides in the .yarnrc.yml file.
Conclusion
In short, May 2026 is a reminder that supply chain risk is now routine, not exceptional. When attackers can poison hundreds of releases across npm and PyPI in a single campaign, “just update everything immediately” stops being a sensible default. The goal isn’t to fear upgrades, it’s to make them safer: isolate your dev environment with containers, keep an eye on advisories, and introduce a small time buffer before adopting freshly published versions. Simple controls like minimum release age, combined with basic hygiene around tokens and CI, won’t eliminate risk, but they dramatically reduce the chances that a bad release lands in your workstation or pipeline first.