Shai Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions

The TanStack team has documented security measures and proposals following a damaging breach last week, including the possibility of making pull requests (PRs) by invitation only, a break from the open contribution model that defines most open source projects. The attack used code from the Shai Hulud worm, published by malware outfit TeamPCP, which can...

Read the full article at The Register