KB-2382 Information about the Axios Supply Chain Compromisehttps://community.appian.com/support/w/kb/3810/kb-2382-information-about-the-axios-supply-chain-compromiseen-USTelligent Community 12KB-2382 Information about the Axios Supply Chain Compromisehttps://community.appian.com/support/w/kb/3810/kb-2382-information-about-the-axios-supply-chain-compromiseWed, 13 May 2026 20:18:13 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:d49276b2-ef34-4bae-a832-6fb52350b0d5Kaushal Patelhttps://community.appian.com/support/w/kb/3810/kb-2382-information-about-the-axios-supply-chain-compromise#commentsCurrent Revision posted to Appian Knowledge Base by Kaushal Patel on 5/13/2026 8:18:13 PM<br /> <p><span style="font-weight:400;">On 11 May 2026, a coordinated supply chain attack was launched against the npm and PyPI ecosystems, targeting high-value developer tools and enterprise platforms. The campaign compromised a wide range of popular packages, including the @tanstack namespace (such as </span><span style="font-weight:400;">@tanstack/react-router</span><span style="font-weight:400;">), the official mistralai clients for TypeScript and Python, and AI safety tools like guardrails-ai.&nbsp;</span></p> <p><span style="font-weight:400;">Appian has investigated this vulnerability and affected services, and determined that it is </span><b>not impacted</b><span style="font-weight:400;">, as no vulnerable versions of the packages are used in the Appian Cloud environment or any of Appian&rsquo;s products. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2 id="mcetoc_1jl7jgb3u1"><span style="font-weight:400;">Supporting Documentation:</span></h2> <ul> <li style="font-weight:400;"><a href="https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised"><span style="font-weight:400;">https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised</span></a></li> <li style="font-weight:400;"><a href="https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack"><span style="font-weight:400;">https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack</span></a></li> <li style="font-weight:400;"><a href="https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised"><span style="font-weight:400;">https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised</span></a></li> </ul> <h2 id="mcetoc_1jl7jgb3u2"><span>Affected Versions</span></h2> <p><span>This article applies to all supported versions of Appian.</span></p> <p><span>Last reviewed:&nbsp;</span><span>May 13, 2026</span></p><div style="clear:both;"></div>