[ARTICLE · art-22691] src=github.com pub= topic=ai-tools verified=true sentiment=↓ negative

Mantine-datatable (and others) compromised – owner account suspended

The owner of the Mantine-datatable repository and four other repositories had his GitHub account suspended after unauthorized commits injected a payload runner into configuration files for VS Code, Cursor, and AI coding assistants. The attacker's commits, disguised as dependency updates, trigger automatic execution of the payload runner when users open the repository in those development environments. Nearly 20 hours after the incident, the malicious commits remain in the repositories because the legitimate maintainer cannot revert them without account access, and GitHub has not yet responded to the support ticket.

2 min read · published Jun 5, 2026


Hi everyone. I'm Irinel-Ramona, Ionut's wife. I'm posting this on his behalf because his GitHub account has been suspended and he has no way to reach you directly right now.

Earlier today, unauthorized commits were pushed to this repository and 4 others via the github-actions bot. The commit message reads "chore: update dependencies [skip ci]" and looks innocent, but it isn't.

The malicious commit injects a payload runner (node .github/setup.js) into:

.claude/settings.json -- triggers automatically on Claude Code session start

.gemini/settings.json -- triggers automatically on Gemini session start

.cursor/rules/setup.mdc -- triggers automatically when opening the repo in Cursor

.vscode/tasks.json -- triggers automatically when opening the repo in VS Code

package.json -- hijacks the npm test script

If you have cloned or pulled this repository recently, please do NOT open it in VS Code, Cursor, or any AI coding assistant, and do NOT run npm test until Ionut regains access and reverts the malicious commits. The good news: the published npm packages are completely safe. No malicious versions were published. This risk only affects people working directly with the source repository.

Ionut has filed the #4448974 support ticket with GitHub and is waiting for a response. I wish I could say more than that, but GitHub's support process during a security incident is, frankly, slow and dehumanising. He is a legitimate open-source maintainer, a victim of an attack that may have originated from GitHub's own infrastructure breach, locked out of an account he has been building for years -- and he is sitting here waiting, with no timeline, no direct contact, no way to protect his users himself.

Nearly 20 hours after the incident, the malicious commits are still present in the repositories -- because he cannot revert them without access, and GitHub has yet to act on them directly or come up with a proper reply to the support ticket.

