OpenAI disclosed on May 15, 2026, that two employee devices were compromised during the TanStack npm supply chain attack, a campaign that poisoned 42 widely used JavaScript packages. Developers who use ChatGPT Desktop, Codex App, Codex CLI, or Atlas must update those applications by June 12 or lose signing trust.
What Happened
A threat group called TeamPCP published 84 malicious versions across 42 @tanstack/* packages, embedding credential-stealing malware targeting GitHub tokens, cloud secrets, npm credentials, and CI/CD authentication material. OpenAI calls the campaign "Mini Shai-Hulud."
Two OpenAI employees whose machines had not yet received updated security controls were affected. The company confirmed that "only limited credential material was successfully exfiltrated" with no customer data, production systems, or deployed software compromised.
Why It Matters
This is the third major developer-targeted attack attributed to TeamPCP, following earlier strikes on SAP-related npm packages. Supply chain attacks are particularly damaging because malicious code enters systems through trusted packages that developers install as part of normal workflows. TanStack Query is one of the most widely installed React data-fetching libraries, which made it a high-value target. You can track active security advisories on the TanStack Query security advisories page.
OpenAI is now rotating signing certificates for four products. That rotation means existing older installs will no longer be trusted after June 12, so updating is not optional.
Key Details
- Attack scope: 84 malicious package versions across 42 @tanstack/* packages
- Compromised: Two OpenAI employee devices
- Data stolen: Limited internal credentials and authentication tokens
- Customer impact: No customer data or production systems affected
- Threat group: TeamPCP, previously targeted SAP-related npm packages
- Deadline: June 12, 2026 (certificates rotate, older installs lose trust)
What to Do Next
Update all affected applications before June 12. For creators using AI tools in active workflows, this is not a wait-and-see situation:
- ChatGPT Desktop: Update through your OS app store or OpenAI's download page
- Codex CLI: Run npm install -g @openai/codex@latest or pull the latest from OpenAI's Codex releases
- Codex App and Atlas: Check the Codex GitHub repository for the latest installer
If you use Codex CLI as part of a generative pipeline (for automated image captioning, prompt chaining, or code-assisted creative work), run npm whoami to confirm your active npm session is intact. Also audit any CI/CD tokens stored in your development environment. Creators who rely on these tools for production work should treat June 12 as a hard cutoff. If Codex CLI is part of your setup, note that the Codex mobile launch earlier this month added remote project monitoring on iOS and Android, which is worth reviewing as you update.
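The audit step above is easier with an inventory of which @tanstack/* versions a project has pinned. The script below is an added example, not part of the OpenAI disclosure or the TanStack project: it reads a package-lock.json (lockfileVersion 2 or 3 layout is assumed) with POSIX tools only, so it runs where npm is unavailable, and flags any entry that appears in a denylist file you populate yourself from the TanStack advisories page (no malicious version numbers are given here; the sample lockfile and denylist are constructed).

```shell
#!/bin/sh
# Added example (assumes package-lock.json lockfileVersion 2 or 3, where each
# installed package is keyed as "node_modules/.../<name>" with a "version" field).

# Print one "package version" line for every @tanstack/* entry in lockfile $1.
# Nested installs (node_modules/foo/node_modules/@tanstack/x) are included.
list_tanstack_packages() {
  awk '
    /"node_modules\/.*@tanstack\/[^"]*":/ {
      pkg = $0
      sub(/^.*node_modules\//, "", pkg)   # keep the path after the last node_modules/
      sub(/".*$/, "", pkg)                # drop the closing quote and the rest of the line
    }
    pkg != "" && /"version":/ {
      ver = $0
      sub(/^.*"version": *"/, "", ver)
      sub(/".*$/, "", ver)
      print pkg, ver
      pkg = ""
    }
  ' "$1"
}

# Read "package version" lines on stdin and print those that appear verbatim in
# denylist file $1 (same "package version" format, one per line). Returns 1 when
# at least one denylisted version is present so the check can fail a CI job.
flag_denylisted() {
  if grep -F -x -f "$1"; then
    return 1
  fi
  return 0
}

# Usage against a real checkout (denylist.txt is filled from the advisories page):
#   list_tanstack_packages package-lock.json
#   list_tanstack_packages package-lock.json | flag_denylisted denylist.txt \
#     || echo "denylisted @tanstack version installed"
```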
OpenAI states it is "continuing to investigate the incident and monitor for any downstream abuse tied to the stolen credentials." No further user action is required beyond the application updates before June 12.