Mistral AI's NPM package was compromised
Mistral AI's official NPM package has been compromised as part of the Shai Hulud worm, a self-spreading supply chain attack. Users of version 2.2.4 should take immediate action.
Article intelligence
EngineersIntermediate
Key points
- Mistral AI's NPM package '@mistralai/mistralai' version 2.2.4 is compromised.
- The attack is part of the Shai Hulud worm targeting the NPM ecosystem.
- Details are available on StepSecurity's blog.
Why it matters
This matters because mistral AI's NPM package '@mistralai/mistralai' version 2.2.4 is compromised.
Technical impact
May affect model selection, inference cost, product capability, and evaluation benchmarks.
This is part of the latest Shai Hulud worm, details at https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem
https://www.npmjs.com/package/@mistralai/mistralai/v/2.2.4