
High severity · Active · npm · Supply chain · Credential exfil · Maintainer compromise

@tanstack/*

A supply-chain compromise of TanStack's npm publish path. Two malicious versions were published for each of 42 @tanstack/* packages (84 versions total) within a six-minute window on May 12, 2026. The payload exfiltrates cloud, Kubernetes, GitHub, and SSH credentials from any host that installed during the window.

Are you affected?

**Only if you installed any @tanstack/* package between 19:20 and 19:30 UTC on May 12, 2026.** Builds pinned to a known-good version before that window were never exposed. Most users will be clear.

The malicious manifest contains a tell-tale signature: a git:-resolved optionalDependency pointing at tanstack/router#79ac49ee.... Run this from your project root to check your lockfile:

# From your project root
$ grep -r '"@tanstack/setup"' package-lock.json
# If empty, you're clear. Any match = compromised version installed.

What happened

On May 12, 2026, between 19:20 and 19:26 UTC, an attacker with publish access to the @tanstack npm scope pushed two malicious versions for each of 42 packages (84 versions total) within a six-minute window. The publishing pattern is consistent with a compromised maintainer credential or token rather than a typosquat.

The malicious payload is delivered through a git:-resolved optionalDependencies entry whose prepare script runs router_init.js, a ~2.3 MB payload smuggled into each tarball at the package root. On install, the script scans for AWS_*, GCP_*, KUBECONFIG, Vault tokens, GitHub tokens, .npmrc contents, and SSH keys under ~/.ssh/, and exfiltrates matches to an attacker-controlled endpoint.

Unpublish is blocked by npm policy for most affected packages because of existing third-party dependents, so all 84 versions are being deprecated with a SECURITY warning and npm security has been engaged to pull tarballs at the registry level.

Timeline

May 12 · 19:20 UTC
Malicious publish window begins. First compromised versions appear in the @tanstack scope.
May 12 · 19:26 UTC
Malicious publish window ends. 84 versions across 42 packages now affected.
May 12 · [TBD]
Security researcher detects the anomaly and discloses to TanStack maintainers.
May 12 · [TBD]
Mass deprecation begins; SECURITY warning added to every affected version.
May 12 · [TBD]
npm security engaged; tarball-level removal begins.

If you were exposed

If the lockfile check above returned a match, or npm ls shows you installed any @tanstack/* package during the publish window, treat the host as potentially compromised. At minimum:

  • Rotate AWS, GCP, and Kubernetes credentials immediately. Check IAM/audit logs for unfamiliar API calls in the last several hours.
  • Rotate GitHub personal-access and SSH-deploy tokens. Review recent token usage in the GitHub audit log.
  • Rotate Vault tokens and re-seal where applicable.
  • Review SSH key material under ~/.ssh/ and rotate anything without a passphrase.
  • Pin to a prior known-good @tanstack/* version, delete node_modules and package-lock.json, then reinstall from a clean lockfile.

Stay on the version you're on. Minus the CVEs.

Root patches your dependencies in place and vets every new release. Your code stays the same. Your risk doesn't.
