The MonkCast

Jack Herrington on TanStack's npm Mini Shai-Hulud Compromise


Listen Later

Kate Holterhoff sits down with Jack Herrington, Principal Software Engineer at Netlify and maintainer of TanStack AI, to walk the May 2026 TanStack npm supply-chain compromise. They discuss the incident in depth, including the risk of chained attacks, the role of GitHub Actions, what we know about the hackers and mini shai-hulud. Jack also weighs in on why developers are becoming more security aware and why the supply chain and CI/CD is more important than ever in the AI era.

Show notes: https://redmonk.com/videos/jack-herrington/

Chapters:
00:00 Introduction and Background
09:08 The TanStack Hack Incident
19:26 Security Insights and Lessons Learned
26:45 Evolving Cybersecurity Threats
34:22 Understanding Vulnerabilities in Open Source
40:47 AI in Development and Security Concerns
49:50 Advice for Open Source Maintainers

...more
View all episodesView all episodes
Download on the App Store

The MonkCastBy RedMonk