
Sign up to save your podcasts
Or


Kate Holterhoff sits down with Jack Herrington, Principal Software Engineer at Netlify and maintainer of TanStack AI, to walk the May 2026 TanStack npm supply-chain compromise. They discuss the incident in depth, including the risk of chained attacks, the role of GitHub Actions, what we know about the hackers and mini shai-hulud. Jack also weighs in on why developers are becoming more security aware and why the supply chain and CI/CD is more important than ever in the AI era.
Show notes: https://redmonk.com/videos/jack-herrington/
Chapters:
00:00 Introduction and Background
09:08 The TanStack Hack Incident
19:26 Security Insights and Lessons Learned
26:45 Evolving Cybersecurity Threats
34:22 Understanding Vulnerabilities in Open Source
40:47 AI in Development and Security Concerns
49:50 Advice for Open Source Maintainers
By RedMonkKate Holterhoff sits down with Jack Herrington, Principal Software Engineer at Netlify and maintainer of TanStack AI, to walk the May 2026 TanStack npm supply-chain compromise. They discuss the incident in depth, including the risk of chained attacks, the role of GitHub Actions, what we know about the hackers and mini shai-hulud. Jack also weighs in on why developers are becoming more security aware and why the supply chain and CI/CD is more important than ever in the AI era.
Show notes: https://redmonk.com/videos/jack-herrington/
Chapters:
00:00 Introduction and Background
09:08 The TanStack Hack Incident
19:26 Security Insights and Lessons Learned
26:45 Evolving Cybersecurity Threats
34:22 Understanding Vulnerabilities in Open Source
40:47 AI in Development and Security Concerns
49:50 Advice for Open Source Maintainers