Postmortem: TanStack npm supply-chain compromise

TL;DR

On May 11, 2026, attackers published malicious versions of 42 TanStack npm packages using a sophisticated supply-chain attack involving GitHub Actions and cache poisoning. The breach was detected within 20 minutes and responded to swiftly, with no evidence of credential theft.

On May 11, 2026, between 19:20 and 19:26 UTC, attackers published 84 malicious versions across 42 TanStack npm packages, exploiting GitHub Actions cache poisoning and runtime memory extraction techniques. The attack was detected within 20 minutes by an external researcher, and affected packages have been deprecated. No npm credentials were stolen, but users are advised to rotate relevant credentials.

The attack involved a complex chain of malicious activities: creating a fork of a TanStack repository, pushing a malicious commit, and exploiting GitHub Actions workflows to inject malicious code during package publication. The attacker used a combination of cache poisoning, pull request target bypasses, and runtime memory extraction of OIDC tokens to execute the payload.

The malicious package versions contained a JavaScript payload, ‘router_init.js’, which, when executed during npm install, harvested credentials from multiple sources, including cloud provider metadata, Vault, GitHub tokens, SSH keys, and npm tokens. The payload also exfiltrated data via an encrypted network to a command-and-control server and propagated to other packages maintained by the victim.

Security researchers identified the attack after the malicious versions were published, and npm responded by deprecating the affected versions and engaging security teams to remove the malicious tarballs from the registry. There is no evidence that npm credentials or other sensitive tokens were stolen during the attack.

Why It Matters

This incident underscores the vulnerabilities in open-source supply chains, especially when CI/CD pipelines are exploited through sophisticated techniques. The attack demonstrates how malicious actors can leverage trusted workflows to inject malicious code at scale, potentially compromising development environments and downstream consumers.

For developers and organizations, it highlights the importance of monitoring package integrity, rotating credentials regularly, and implementing stricter controls over CI/CD processes to prevent similar breaches.

Background

In recent years, supply-chain attacks targeting open-source ecosystems have increased in sophistication. Prior incidents have shown how malicious actors exploit package publishing workflows, but this attack stands out for its use of cache poisoning, runtime memory extraction, and multi-stage propagation. The attack on TanStack packages follows a pattern of high-profile breaches affecting popular JavaScript libraries, prompting renewed focus on security practices in open-source development.

The attack was orchestrated over several days, beginning with the creation of a malicious fork and culminating in the publication of malicious package versions during a CI/CD pipeline run. The attack exploited the pull_request_target workflow, which bypassed some security controls, enabling the attacker to execute malicious code during package release.

“We responded swiftly to contain the breach, deprecating affected packages and engaging npm security teams to remove malicious tarballs. No credentials were stolen, but we advise users to rotate their credentials as a precaution.”

— Tanner Linsley, TanStack developer

“We are actively investigating the scope of this attack and have engaged with TanStack to mitigate the impact. Users should consider rotating all relevant credentials and monitor for suspicious activity.”

— npm security team

What Remains Unclear

It is still unclear how the attacker initially gained access to the fork and whether any other packages outside of TanStack were compromised. The full extent of credential theft, if any, remains unconfirmed, and the precise technical details of the runtime memory extraction are still being analyzed.

What’s Next

Security teams will continue to investigate the breach, with npm and TanStack deploying additional safeguards for their CI/CD pipelines. Users are advised to audit their dependencies, rotate credentials, and monitor for unusual activity. Future updates will clarify the full scope of the attack and improvements to prevent similar incidents.

Key Questions

Were npm credentials stolen during the attack?

There is no evidence that npm credentials were stolen. The malicious payload used OIDC tokens from GitHub Actions workflows to authenticate during package publication.

Which packages were affected by the compromise?

42 packages under the @tanstack scope were affected, with 84 malicious versions published across them. Families like @tanstack/query, @tanstack/table, @tanstack/form, @tanstack/virtual, @tanstack/store, and the meta-package @tanstack/start were not impacted.

What should users do if they installed affected versions?

Users should treat their systems as potentially compromised and rotate all relevant credentials, including AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH keys. They should also audit their systems for suspicious activity.
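
Added example, not part of the original postmortem: a Node.js check that lists @tanstack entries in a parsed package-lock.json that match an advisory version list or declare an install script. The advisory map, the sample lockfile and the function names are assumptions; the affected versions must come from the official advisory, since this page does not list them.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3).
// Package name from a lockfile key like "node_modules/a/node_modules/@tanstack/x".
function nameFromPath(path) {
  const marker = 'node_modules/';
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// advisory: { "<package name>": ["<malicious version>", ...] } taken from the
// official advisory. The page does not list the 84 versions, so none are baked in.
function auditLockfile(lock, advisory) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = entry.name || nameFromPath(path);
    if (!name || !name.startsWith('@tanstack/')) continue;
    const reasons = [];
    if ((advisory[name] || []).includes(entry.version)) reasons.push('on-advisory-list');
    // hasInstallScript marks packages that run code during `npm install`.
    if (entry.hasInstallScript) reasons.push('has-install-script');
    if (reasons.length) findings.push({ name, version: entry.version, path, reasons });
  }
  return findings;
}

// Constructed sample data: the names and versions below are placeholders.
const SAMPLE_ADVISORY = { '@tanstack/placeholder-pkg': ['0.0.1-PLACEHOLDER'] };
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@tanstack/query': { version: '0.0.0-CLEAN' },
    'node_modules/@tanstack/placeholder-pkg': {
      version: '0.0.1-PLACEHOLDER', hasInstallScript: true,
    },
    'node_modules/left/node_modules/@tanstack/placeholder-pkg': { version: '0.0.2-CLEAN' },
    'node_modules/other-lib': { version: '2.0.0', hasInstallScript: true },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK, SAMPLE_ADVISORY), null, 2));
```

Load a real lockfile with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; lockfileVersion 1 files have no `packages` map and return no findings.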

How did the attack bypass security measures during package publication?

The attacker exploited the pull_request_target workflow, which bypassed some security controls, and used runtime memory extraction of OIDC tokens to authenticate malicious publishes during the CI process.
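
Added example, not TanStack's or GitHub's code: a line-based heuristic in Node.js that flags the workflow properties this answer refers to, namely a pull_request_target trigger, checkout of the pull request head, cache use, and an OIDC `id-token: write` permission. The regexes, finding labels and both sample workflows are constructed for illustration.

```javascript
// Added example: heuristic, line-based audit of GitHub Actions workflow text.
// The patterns are assumptions chosen for illustration, not TanStack's workflows.
function auditWorkflow(text) {
  // Drop YAML comments so commented-out steps do not trigger findings.
  const lines = text.split(/\r?\n/).map((l) => l.replace(/(^|\s)#.*$/, ''));
  const has = (re) => lines.some((l) => re.test(l));
  const signals = {
    prTarget: has(/\bpull_request_target\b/),
    checksOutPrHead: has(/github\.event\.pull_request\.head\.(sha|ref)/),
    usesCache: has(/uses:\s*actions\/cache(\/(save|restore))?@/) ||
      has(/^\s*cache:\s*['"]?(npm|pnpm|yarn)\b/),
    oidcWrite: has(/\bid-token:\s*write\b/),
  };
  const findings = [];
  if (signals.prTarget && signals.checksOutPrHead) findings.push('untrusted-checkout');
  if (signals.prTarget && signals.usesCache) findings.push('cache-write-from-pr-target');
  if (signals.oidcWrite && signals.usesCache) findings.push('oidc-job-restores-cache');
  return { signals, findings };
}

// Constructed workflow snippets (not taken from any real repository).
const PR_WORKFLOW = [
  'on:',
  '  pull_request_target:',
  'jobs:',
  '  bench:',
  '    steps:',
  '      - uses: actions/checkout@v4',
  '        with:',
  '          ref: ${{ github.event.pull_request.head.sha }}',
  '      - uses: actions/cache@v4',
  '      # - run: echo id-token: write',
  '      - run: pnpm install && pnpm test',
].join('\n');
const RELEASE_WORKFLOW = [
  'on: { push: { branches: [main] } }',
  'permissions:',
  '  id-token: write',
  'jobs:',
  '  release:',
  '    steps:',
  '      - uses: actions/setup-node@v4',
  '        with:',
  '          cache: pnpm',
  '      - run: pnpm publish',
].join('\n');

console.log(auditWorkflow(PR_WORKFLOW).findings, auditWorkflow(RELEASE_WORKFLOW).findings);
```

A finding is a prompt for manual review of the workflow, not proof of exploitability; the check reads one file at a time and does not follow reusable workflows or composite actions.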
