---
type: "Evidence Item"
title: "Our response to the TanStack npm supply chain attack"
description: "OpenAI details its response to the TanStack “Mini Shai-Hulud” supply chain attack, outlines protections taken to secure systems and signing certificates, and explains why macOS users must update OpenAI apps by June 12, 2026."
resource: "https://openai.com/index/our-response-to-the-tanstack-npm-supply-chain-attack"
tags: ["appendix-iii", "vendor", "openai"]
timestamp: "2026-05-13"
category: "vendor"
publisher: "OpenAI"
cope_score: 64
confidence: 0.9
---

# Our response to the TanStack npm supply chain attack

# Claim

OpenAI details its response to the TanStack “Mini Shai-Hulud” supply chain attack, outlines protections taken to secure systems and signing certificates, and explains why macOS users must update OpenAI apps by June 12, 2026. Learn what happened, what was affected, and how OpenAI is strengthening defenses against evolving software supply chain threats.

# Relevance

Appendix III, section two: vendor threshold and platform capability evidence

# Oracle Verdict

This is a lower-to-mid strength vendor signal for the capability register. It does not prove displacement on its own, but it records another platform step that can later show up as workflow automation, procurement change, or organisational dependency.

# Metadata

* Publisher: OpenAI
* Category: vendor
* Sector: Software engineering
* Capability: Cyber defence and misuse monitoring
* Cope score: 64
* Confidence: 0.9

# Related Concepts

* [Live evidence index](index.md)
* [Thesis](../thesis.md)

# Citations

[1] [Our response to the TanStack npm supply chain attack](https://openai.com/index/our-response-to-the-tanstack-npm-supply-chain-attack)
