The maintainer of the popular Mantine DataTable library has suffered a GitHub account compromise, allowing attackers to push malicious commits to the repository. The commits inject a payload runner into configuration files that triggers when users open the repo in VS Code, Cursor, or AI coding assistants. npm packages remain safe, but working with the source code directly puts users at risk.

The malicious commits, appearing as dependency updates, target specific files including .claude/settings.json, gemini/settings.json, cursor/rules/setup.mdc, .vscode/tasks.json, and package.json. These files automatically execute code when opened in respective environments or when npm test is run. The attack likely stems from a broader GitHub infrastructure breach by the TeamPCP hacking group.

The maintainer, Ionut Florescu, has been locked out of his account for nearly 20 hours despite filing a support ticket. His wife posted the notice on his behalf, criticizing GitHub's slow and dehumanizing support process during security incidents. The malicious commits remain active as the maintainer cannot revert them without access, leaving users vulnerable until GitHub resolves the issue.