OpenAI Responds to TanStack npm Supply Chain Compromise – Required Actions and Timeline

Regulatory action

OpenAI announced that attackers inserted malicious code into TanStack npm packages, which reached two employee workstations before the organization’s phased rollout of new supply‑chain protections took effect. The intrusion resulted in the exfiltration of a small set of internal credentials and forced OpenAI to rotate signing certificates for its macOS desktop products.

What it requires

1. Immediate certificate rotation – OpenAI must replace the code‑signing certificates used for ChatGPT Desktop, Codex App, Codex CLI, and Atlas. All affected binaries will be re‑signed with new keys.
2. Mandatory software update – Users of the impacted macOS applications are required to download and install the updated versions no later than 12 June 2026. The update includes the new certificates and the latest supply‑chain checks.
3. Enhanced package‑management controls – The incident triggered the activation of OpenAI’s new npm‑registry verification policy, which blocks packages that lack a verified provenance record. All development machines must be enrolled in this policy by the end of the current rollout phase.
4. Credential rotation – Any GitHub tokens, npm credentials, or cloud secrets that may have been exposed must be regenerated. OpenAI’s internal policy mandates a full rotation within 48 hours of detection.
5. Audit and reporting – The security team will conduct a post‑incident audit of all repositories that were reachable from the compromised devices. Findings will be reported to the EU Data Protection Board and the U.S. Federal Trade Commission under the relevant breach‑notification requirements.

Compliance timeline

Milestone	Deadline	Responsible party
Release of re‑signed macOS binaries	5 June 2026	OpenAI Release Engineering
End‑user update required	12 June 2026	All OpenAI macOS product users
Completion of credential rotation	14 June 2026	Internal Security Operations
Publication of audit results to regulators	30 June 2026	Compliance & Legal
Full enforcement of npm provenance checks on all developer workstations	31 July 2026	IT Operations

Why the actions matter

The Mini Shai‑Hulud campaign, which has targeted npm ecosystems, relies on compromised publishing credentials to inject malicious code into trusted development pipelines. By rotating signing certificates and enforcing provenance verification, OpenAI restores the trust chain that validates software authenticity. The mandated update deadline ensures that no user remains on a version signed with a compromised key, thereby eliminating a vector for downstream attacks.

Next steps for organizations using OpenAI tools

• Verify that the installed version of any OpenAI macOS application is ≥ 5.3.2 (the version that includes the new certificates). You can check the version number in the About dialog.
• Review internal npm configuration files (e.g., .npmrc) to confirm that the registry entry points to the verified OpenAI‑managed registry.
• Conduct a rapid credential health check: revoke any tokens that were generated before 15 May 2026 and replace them with newly issued secrets.
• Update incident‑response playbooks to include a checklist for supply‑chain verification failures, referencing the OpenAI guidance linked below.

References

• OpenAI security advisory: https://openai.com/security/2026/05/15/tanstack‑supply‑chain‑incident
• npm provenance documentation: https://docs.npmjs.com/cli/v9/configuring-npm/package-provenance
• EU GDPR breach‑notification guidance: https://gdpr.eu/breach-notification/
• FTC Safeguards Rule overview: https://www.ftc.gov/tips-advice/business-center/privacy-and-security/ftc-safeguards-rule

OpenAI continues to monitor for any downstream misuse of the stolen credentials and will issue further notices should additional risk be identified.