Aikido Security
@AikidoSecurity
The best way to secure everything you build, ship & run.
🌐
⭐️
Get developers back to building.
1.1K Following 10.8K Followers
Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral.
373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more.
The malware propagates by stealing your CI credentials and using them to publish new compromised versions.
Full IOCs, affected package list, and detection steps:
Show more
Aikido Device Protection blocks malicious extensions, IDE plugins, and packages. Full visibility and control over every developer device.
Block malicious browser extensions, IDE plugins, and code libraries. Aikido Device Protection gives you visibility and control over the software packages installed on your dev's devices.
Developer machines hold your most sensitive assets. Aikido Device Protection blocks malicious packages and extensions before they reach your devices.
How often do you read a vulnerability alert and think, “Do I even need to care about this?”. Aikido gives you the answer before you lose another hour.
