Broken dropper in @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp

Mistral npm @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp were compromised by a supply chain attack related to the TanStack security incident. An automated worm associated with the attack led to compromised npm package versions being published.

Current investigation indicates that an affected developer device was involved. We have no indication that Mistral infrastructure was compromised. The compromised versions were removed from npm. They were available only between May 11 at 22:45 UTC and May 12 at 01:53 UTC. Previous and later versions are not affected by this advisory.

Impact

The dropper is broken, it has no impact.

• setup.mjs references tanstack_runner.js but the payload file is named router_init.js
  • execFileSync throws ENOENT and the tmpdir is wiped before payload runs. Bun gets downloaded to a tmpdir but no payload execution.

We still recommend removing the packages, see below for remediation.

Check whether you are affected

You are affected if one of the package versions above was installed in any environment during the exposure window or is present in a lockfile, build artifact, container image, package cache, or deployment image.

Check installed versions:

npm ls @mistralai/mistralai @mistralai/mistralai-azure @mistralai/mistralai-gcp
grep -n -A 4 -B 2 -E '@mistralai/(mistralai|mistralai-azure|mistralai-gcp)|2\.2\.[2-4]|1\.7\.[1-3]' \
  package-lock.json pnpm-lock.yaml yarn.lock 2>/dev/null

Look for any of the following files

• router_init.js (embedded in all @tanstack packages): ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
• tanstack_runner.js (from git commit): 2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96
• @tanstack/setup package.json: 7c12d8614c624c70d6dd6fc2ee289332474abaa38f70ebe2cdef064923ca3a9b

You may also run this (read-only) script that will automatically flag known malicious files.

You are not affected by this advisory if you did not install the affected package versions and they are not present in your lockfiles, build caches, deployment artifacts, or package mirrors.

If the command finds an affected version, continue with the remediation steps below. If you use private package mirrors, caches, or container base images, check those copies too.

Remediate affected systems

1. Stop using the affected package version immediately.
2. Clean systems where one of this package has been installed.