On 11 May 2026, a coordinated supply chain attack was launched against the npm and PyPI ecosystems, targeting high-value developer tools and enterprise platforms. The campaign compromised a wide range of popular packages, including the @tanstack namespace (such as @tanstack/react-router), the official mistralai clients for TypeScript and Python, and AI safety tools like guardrails-ai.
Appian has investigated this vulnerability and affected services, and determined that it is not impacted, as no vulnerable versions of the packages are used in the Appian Cloud environment or any of Appian’s products. We will continue to monitor the situation and provide any updates as appropriate.
This article applies to all supported versions of Appian.
Last reviewed: May 13, 2026