Deepthix .
← Retour au blog
tech 12 May 2026

Postmortem: TanStack npm Supply-Chain Compromise

A deep dive into the security incident affecting 42 TanStack npm packages. Understand how the attack was executed and how to safeguard your own software ecosystem.

Article inspired by the original source
Postmortem: TanStack npm supply-chain compromise ↗ tanstack.com

Introduction

On May 11, 2026, between 19:20 and 19:26 UTC, a significant security event struck TanStack's npm ecosystem. A malicious actor published 84 compromised versions of 42 npm packages under the @tanstack namespace. This attack highlighted critical vulnerabilities in the software supply chain, a growing issue in modern development.

Attack Details

The attack combined several sophisticated techniques: the "Pwn Request" pull_request_target pattern, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of an OIDC token from the GitHub Actions runner process. No npm tokens were stolen, and the npm publish workflow itself was not compromised.

Impact of the Compromised Versions

The 84 compromised versions were quickly identified by an external researcher, Ashish Kurmi, working for StepSecurity. All affected versions have been deprecated, and npm security has been engaged to pull tarballs from the registry. While there is no evidence of npm credentials being stolen, it is strongly recommended that anyone who installed an affected version rotates their AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials.

How the Malware Works

When a developer or CI environment runs npm install, pnpm install, or yarn install with an affected version, npm resolves the malicious optionalDependencies entry, fetches the orphan payload commit from the fork network, runs its prepare lifecycle script, and executes an obfuscated router_init.js script (~2.3 MB) smuggled into the affected tarball.

The malicious script has several objectives:

  • Harvest credentials from common locations: AWS IMDS / Secrets Manager, GCP metadata, Kubernetes service-account tokens, Vault tokens, ~/.npmrc, GitHub tokens (env, gh CLI, .git-credentials), SSH private keys.
  • Exfiltrate data over the Session/Oxen messenger file-upload network with end-to-end encryption, making mitigation only possible via IP/domain blocking.
  • Self-propagate by enumerating other packages the victim maintains via registry.npmjs.org/-/v1/search?text=maintainer:<user> and republishes them with the same injection.

Response and Recommendations

The swift detection and coordinated response helped limit the potential damage of this attack. However, this incident underscores the need for continuous vigilance and improved security practices in dependency management.

Prevention Measures

  1. Regular Dependency Audits: Use tools to audit dependencies and detect suspicious or outdated versions.
  2. Environment Isolation: Set up isolated development environments to reduce the potential impact of a compromise.
  3. Key and Token Rotation: Implement a regular rotation cycle for authentication keys to limit exposure.
  4. Continuous Monitoring: Deploy monitoring systems to detect abnormal behaviors in CI/CD environments.

Conclusion

The TanStack incident is a stark reminder of the risks inherent in modern software supply chains. It is imperative for developers and tech companies to continuously fortify their defenses and stay informed of the latest threats.

Let's discuss your project in 15 minutes.

supply-chain npm security TanStack malware
Deepthix newsletter · 100% AI · every Monday 8am

An AI agent reads tech for you.

Our AI agent scans ~200 sources per week and ships the best articles to your inbox Monday 8am. Free. One click to unsubscribe.

Visit the newsletter page →

Want to automate your operations?

Let's talk about your project in 15 minutes.

Book a call