TL;DR

On May 11, 2026, an attacker published 84 malicious versions across 42 TanStack npm packages through a sophisticated supply-chain attack leveraging GitHub Actions. The breach was detected within 20 minutes, and affected versions have been deprecated. No npm credentials were compromised, but users are advised to rotate relevant credentials.

On May 11, 2026, between 19:20 and 19:26 UTC, an attacker published 84 malicious versions across 42 TanStack npm packages by exploiting a supply-chain vulnerability involving GitHub Actions and package publishing workflows. The attack was detected within 20 minutes by an external researcher, prompting an immediate security response. No npm credentials were stolen, but the incident raises concerns over package integrity and supply-chain security for developers relying on TanStack libraries.

The attacker used a combination of GitHub Actions cache poisoning, a forged pull request, and runtime memory extraction of an OIDC token to inject malicious code into multiple package versions. The malicious payload, embedded in a package’s optionalDependencies, executed during npm install, harvesting credentials from various cloud and local environments, and exfiltrating data via encrypted channels. The attack affected 42 packages, including @tanstack/router, @tanstack/history, and others, with two malicious versions published roughly six minutes apart. The compromised packages were quickly deprecated, and npm security teams were engaged to remove the malicious tarballs from the registry.

The attack originated from a malicious fork of TanStack/router created on May 10, 2026, which was used to push a large payload commit and manipulate the pull request process. The malicious commit was merged into the main branch on May 11, 2026, during a CI run that was compromised via pull_request_target workflows. Because the attacker bypassed contributor approval gates, the malicious code ran during the publish process, and infected package versions were distributed.

Why It Matters

This incident underscores the vulnerabilities in modern CI/CD pipelines and supply-chain security for open-source projects. Developers relying on TanStack libraries could have had their environments compromised if they installed the affected versions on May 11. Although no credentials were confirmed stolen, the malicious code’s ability to harvest sensitive data and propagate to other packages poses a serious threat to software security and trust in the npm ecosystem.

Background

Supply-chain attacks targeting npm packages have increased in recent years, with notable incidents involving malicious code injection during package publishing. TanStack, a popular set of libraries for React development, was targeted in this incident, which involved exploiting GitHub workflows and cache poisoning. The attack followed a pattern similar to previous supply-chain compromises, but the sophistication of the payload and the use of runtime memory extraction marked a significant escalation. The breach was detected and contained within hours, highlighting the importance of vigilant monitoring and rapid incident response in open-source projects.

“We responded swiftly to deprecate affected packages and engaged npm security to remove malicious tarballs. Developers should rotate credentials if they installed any affected versions.”

— Tanner Linsley, TanStack maintainer

“The attack was executed through a combination of cache poisoning and runtime memory extraction, which allowed the attacker to inject malicious code during the package publish process.”

— Ashish Kurmi, researcher at StepSecurity

What Remains Unclear

While the immediate impact has been contained, it remains unclear whether any data exfiltration occurred beyond credential harvesting, or if other packages were compromised outside the affected set. The full scope of the attacker’s access and whether additional malicious activity is ongoing is still under investigation.

What’s Next

Security teams will continue monitoring for further malicious activity, and npm has been engaged to enhance package verification processes. Developers are advised to audit their environments, rotate credentials, and verify the integrity of any affected packages installed on May 11. Community discussions on improving supply-chain security are expected to accelerate.

Key Questions

How can I tell if I installed an affected package version?

Check your package lock files and installed versions against the list of affected versions published by TanStack. If you installed any affected version on May 11, 2026, consider rotating credentials and auditing your environment.
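
One way to run that lock-file check, as an added example that is not code from TanStack or from the original article: it scans a parsed package-lock.json (lockfileVersion 1, 2 or 3) for locked versions that appear on an advisory list. The version strings and the sample lockfile are constructed placeholders, since the affected-version list is not reproduced on this page.

```javascript
// Added example. AFFECTED holds constructed placeholder versions, not the
// real advisory data: replace them with the list published by TanStack.
const AFFECTED = new Map([
  ["@tanstack/router", ["0.0.0-placeholder.1", "0.0.0-placeholder.2"]],
  ["@tanstack/history", ["0.0.0-placeholder.1"]],
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; "" (root) -> null.
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Returns [{ name, version, location }] for each affected version locked.
function findAffected(lock, affected) {
  const hits = [];
  const check = (name, version, location) => {
    if (name && (affected.get(name) || []).includes(version)) {
      hits.push({ name, version, location });
    }
  };
  // lockfileVersion 2 and 3: flat map keyed by install path (nested copies too).
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    check(entry.name || nameFromPath(path), entry.version, path);
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const location = `${trail} > ${name}`;
      check(name, entry.version, location);
      walk(entry.dependencies, location);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "(root)");
  return hits;
}

// Constructed sample lockfile: one direct and one nested affected install.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@tanstack/router": { version: "0.0.0-placeholder.2" },
    "node_modules/@tanstack/history": { version: "9.9.9" },
    "node_modules/foo/node_modules/@tanstack/history": { version: "0.0.0-placeholder.1" },
  },
};
console.log(findAffected(SAMPLE_LOCK, AFFECTED));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json as the first argument. A hit only shows that the version was locked, so the install date still has to be checked separately.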

Were npm credentials stolen during the attack?

No evidence has been found to confirm that npm credentials or other sensitive tokens were stolen. However, the malicious payload was capable of harvesting various credentials from environments where affected packages were installed.

What should I do if I installed an affected package?

Immediately deprecate or uninstall the affected versions, rotate all related credentials (AWS, GCP, Kubernetes, Vault, GitHub, SSH), and monitor your systems for suspicious activity. Follow official security advisories for updates.

How did the attacker manage to publish malicious packages?

The attacker exploited a vulnerability in the CI/CD workflow, specifically bypassing contributor approval gates via pull_request_target workflows, and used runtime memory extraction of an OIDC token to authenticate and publish malicious versions.
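
A defender-side check for the workflow pattern described above, as an added example that is not TanStack's workflow or code from the original article: it flags workflow files that combine pull_request_target with a checkout of the PR head, a cache write, or permission to request an OIDC token. The finding names and the sample workflow are constructed for illustration.

```javascript
// Added example: heuristic audit of workflow text for the trigger and
// features named in this incident. Line matching, not a YAML parser, so
// findings are prompts for manual review.
const CHECKS = [
  // PR head checked out: fork-controlled code runs in the base-repo context.
  ["pr-head-checkout", /github\.event\.pull_request\.head\.(sha|ref)|refs\/pull\//],
  // Caches saved here share the base branch's scope (cache-poisoning risk).
  ["cache-write", /uses:\s*actions\/cache(\/save)?@/],
  // The job is allowed to request an OIDC token.
  ["oidc-token", /id-token:\s*write/],
];

function auditWorkflow(yamlText) {
  // Drop YAML comments so commented-out triggers are not reported.
  const lines = yamlText.split(/\r?\n/).map((l) => l.replace(/(^|\s)#.*$/, ""));
  const has = (re) => lines.some((l) => re.test(l));
  // Only workflows that declare the pull_request_target trigger are in scope.
  if (!has(/(^|[\s\[,])pull_request_target\s*(:|,|\]|$)/)) return [];
  const findings = ["pull_request_target"];
  for (const [id, re] of CHECKS) if (has(re)) findings.push(id);
  return findings;
}

// Constructed sample workflow (not TanStack's) showing the flagged pattern.
const RISKY = [
  "on:",
  "  pull_request_target:",
  "permissions:",
  "  id-token: write",
  "jobs:",
  "  size:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@v4",
  "        with:",
  "          ref: ${{ github.event.pull_request.head.sha }}",
  "      - uses: actions/cache@v4",
  "        with: { path: node_modules, key: deps }",
].join("\n");
// Same jobs on the pull_request trigger: out of scope, so nothing is flagged.
const UNPRIVILEGED = RISKY.replace("pull_request_target", "pull_request");

console.log(auditWorkflow(RISKY), auditWorkflow(UNPRIVILEGED));
```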

Will there be further updates on this incident?

Yes, security teams and TanStack maintainers will provide ongoing updates as investigations progress and mitigation measures are implemented. Developers should stay alert for official advisories.
