OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library. The incident has renewed concerns about the security of open-source software, as researchers warn that malicious npm packages can expose developer credentials