npm

@beproduct/nestjs-auth

@beproduct/nestjs-auth is identified in the SafeDep analysis "Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.

discovered 2026-05-12

Threat types

other

Malicious versions

0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.16
0.1.17
0.1.18
0.1.19

Campaigns

Mini Shai-Huludattributed-to

Indicators

domaingit-tanstack.comcommunicates-with
domainfilev2.getsession.orgcommunicates-with
domain169.254.169.254communicates-with
ipv4169.254.169.254communicates-with
sha256ce7e4199506959fd7a71b64209b2c07b9c82e53a946aa7d78298dc9249230d01indicates
sha179ac49eedf774dd4b0cfa308722bc463cfe5885cindicates

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1539 Steal Web Session Cookieuses

Read the full analysis →