TanStack NPM Supply-Chain Compromise Postmortem
Original: Postmortem: TanStack NPM supply-chain compromise
Why This Matters
Shows how a CI workflow misconfiguration in a widely used library was turned into malicious npm releases that stole cloud and SSH credentials from every machine that installed them.
On May 11, 2026, attackers published 84 malicious versions across 42 TanStack npm packages, using GitHub Actions cache poisoning and OIDC token extraction to reach the publishing pipeline. The payload harvested AWS, GCP and SSH credentials from developers' machines within 6 minutes.
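The publishing-side root cause is the pull_request_target pattern: a workflow that runs with repository secrets and a writable Actions cache while executing code from an untrusted fork. The following is an added example, not TanStack's workflow or code, showing a small linter for that pattern beside a hardened rewrite of the same job. It takes a workflow already parsed into a dict (what yaml.safe_load would return; PyYAML reads the bare key `on` as boolean True, so both spellings are accepted). The rule IDs, the sample workflows and the step names are this example's own assumptions.

```python
# Added example, not TanStack's workflow or code: a linter for the
# pull_request_target pattern.  Rule IDs and sample workflows are assumptions
# made for illustration.

INSTALL_COMMANDS = ("npm install", "npm i ", "npm ci", "pnpm install", "yarn install")


def _triggers(workflow: dict) -> set[str]:
    """Normalise the `on:` block to a set of event names (handles PyYAML's True key)."""
    on = workflow.get("on", workflow.get(True))
    if isinstance(on, str):
        return {on}
    if isinstance(on, (list, dict)):
        return set(on)
    return set()


def _checks_out_pr_head(step: dict) -> bool:
    """actions/checkout pointed at the PR head (or its merge ref) brings the
    fork's code into the run; under pull_request_target that run has secrets."""
    if not str(step.get("uses", "")).startswith("actions/checkout"):
        return False
    ref = str((step.get("with") or {}).get("ref", ""))
    return "pull_request.head" in ref or "refs/pull/" in ref


def _runs_install_with_scripts(step: dict) -> bool:
    """A package install without --ignore-scripts executes whatever lifecycle
    hooks the checked-out package.json files declare."""
    run = str(step.get("run", ""))
    return any(cmd in run for cmd in INSTALL_COMMANDS) and "--ignore-scripts" not in run


def _writes_cache(step: dict) -> bool:
    """actions/cache, or setup-node with its built-in cache, saves a cache entry.
    A pull_request_target run executes in the base-branch context, so an entry
    it saves can later be restored by trusted workflows on that branch."""
    uses = str(step.get("uses", ""))
    if uses.startswith("actions/cache"):
        return True
    return uses.startswith("actions/setup-node") and "cache" in (step.get("with") or {})


def lint_workflow(workflow: dict) -> list[str]:
    """Return the rule IDs that fire, in a fixed order per job.  Nothing fires
    without pull_request_target: a plain pull_request run from a fork gets no
    secrets and a read-only token, so the same steps are harmless there."""
    findings: list[str] = []
    if "pull_request_target" not in _triggers(workflow):
        return findings
    for job_name, job in (workflow.get("jobs") or {}).items():
        steps = job.get("steps") or []
        if not any(_checks_out_pr_head(s) for s in steps):
            continue
        findings.append(f"PRT-CHECKOUT:{job_name}")
        if any(_runs_install_with_scripts(s) for s in steps):
            findings.append(f"PRT-LIFECYCLE:{job_name}")
        if any(_writes_cache(s) for s in steps):
            findings.append(f"PRT-CACHE:{job_name}")
    return findings


# Constructed sample: the weak shape and a hardened rewrite of the same job.
WEAK_WORKFLOW = {
    "name": "pr-checks",
    "on": {"pull_request_target": {"types": ["opened", "synchronize"]}},
    "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4",
         "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
        {"uses": "actions/cache@v4",
         "with": {"path": "~/.npm",
                  "key": "npm-${{ hashFiles('**/package-lock.json') }}"}},
        {"run": "npm ci"},
        {"run": "npm test"},
    ]}},
}

HARDENED_WORKFLOW = {
    "name": "pr-checks",
    "on": {"pull_request": {"types": ["opened", "synchronize"]}},  # forks get no secrets
    "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4"},      # default ref for pull_request: the merge commit
        {"run": "npm ci --ignore-scripts"},   # no lifecycle hooks at install time
        {"run": "npm test"},
    ]}},
}

if __name__ == "__main__":
    print("weak:", lint_workflow(WEAK_WORKFLOW))
    print("hardened:", lint_workflow(HARDENED_WORKFLOW))
```

Two caveats: pull_request_target has legitimate uses (labelling, commenting) as long as the job never checks out or executes PR code, which is why the linter only fires on the checkout; and `--ignore-scripts` will break dependencies that rely on a build step at install time, so a repository that needs those should run them in a separate unprivileged job rather than drop the flag.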
Attackers exploited the pull_request_target pattern together with GitHub Actions cache poisoning to compromise TanStack's npm publishing workflow. The attack started with a pull request from a malicious fork carrying a 2.3 MB obfuscated payload that ran as an npm install lifecycle script. Once running, the malware harvested credentials from the AWS IMDS and GCP metadata endpoints, Kubernetes tokens, SSH keys and GitHub tokens, and exfiltrated them over the Session/Oxen messenger network. It also self-propagated: with the publishing credentials it found on a victim's machine, it republished other packages that victim maintained.

External researcher ashishkurmi detected the compromise within 20 minutes. All affected versions have been deprecated, and npm's security team was engaged to remove the tarballs. No npm tokens were stolen, but TanStack recommends credential rotation for anyone who installed an affected version.
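Deprecating a version only attaches a warning; it stays installable and stays pinned in any lockfile that already resolved it, so the consumer-side response is to check lockfiles against the advisory's list and to look for install-time hooks, since a lifecycle script is where this payload ran. The following is an added example, not TanStack's or npm's tooling, doing both checks over a constructed project tree. The package names, versions and hook command are placeholders; substitute the real affected list from the advisory.

```python
# Added example, not TanStack's or npm's code: consumer-side checks after a
# compromised publish.  Package names, versions and the hook command below are
# constructed placeholders.
import json
import tempfile
from pathlib import Path

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def packages_with_lifecycle_scripts(node_modules: Path) -> dict[str, dict[str, str]]:
    """Map package name -> {hook: command} for every package under node_modules
    that declares an install-time hook.  These hooks are where an install-time
    payload executes, so a package that suddenly grows one deserves inspection."""
    found: dict[str, dict[str, str]] = {}
    for pkg_json in sorted(node_modules.rglob("package.json")):
        try:
            data = json.loads(pkg_json.read_text())
        except (json.JSONDecodeError, OSError):
            continue
        scripts = data.get("scripts") or {}
        hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
        if hooks:
            found[data.get("name", pkg_json.parent.name)] = hooks
    return found


def affected_in_lockfile(lock: dict, affected: dict[str, set[str]]) -> list[tuple[str, str]]:
    """package-lock.json v2/v3 keys entries by install path; the package name is
    everything after the last 'node_modules/'.  Returns (name, version) pairs
    whose resolved version is in the affected set."""
    hits = []
    for path, entry in (lock.get("packages") or {}).items():
        if not path:
            continue  # "" is the root project itself
        name = path.rsplit("node_modules/", 1)[-1]
        if entry.get("version") in affected.get(name, set()):
            hits.append((name, entry["version"]))
    return sorted(hits)


def audit_project(root: Path, affected: dict[str, set[str]]) -> dict:
    """Run both checks against a project directory and return the findings."""
    lock = json.loads((root / "package-lock.json").read_text())
    return {
        "lifecycle": packages_with_lifecycle_scripts(root / "node_modules"),
        "affected": affected_in_lockfile(lock, affected),
    }


def build_sample_tree() -> Path:
    """Constructed fixture: a tiny project with two installed packages, one of
    which carries a postinstall hook (placeholder command, not the real payload)."""
    root = Path(tempfile.mkdtemp(prefix="nm-audit-"))
    pkgs = {
        "@example/widget-core": {"version": "1.4.2", "scripts": {"test": "node test.js"}},
        "@example/widget-cli": {"version": "0.9.1", "scripts": {"postinstall": "node ./setup.js"}},
    }
    for name, meta in pkgs.items():
        d = root / "node_modules" / name
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps({"name": name, **meta}))
    lock = {"name": "sample", "lockfileVersion": 3, "packages": {
        "": {"name": "sample", "version": "1.0.0"},
        "node_modules/@example/widget-core": {"version": "1.4.2"},
        "node_modules/@example/widget-cli": {"version": "0.9.1"},
    }}
    (root / "package-lock.json").write_text(json.dumps(lock))
    return root


# Placeholder advisory list: name -> affected versions (assumed, not the real list).
AFFECTED = {"@example/widget-cli": {"0.9.1", "0.9.2"}}

if __name__ == "__main__":
    print(audit_project(build_sample_tree(), AFFECTED))
```

Point `audit_project` at a real checkout with the advisory's list substituted for `AFFECTED`. A hit in either check is a reason to rotate the cloud, SSH and GitHub credentials that were reachable from that machine, which is the rotation the postmortem recommends; setting `ignore-scripts=true` in `.npmrc` stops this class of payload from running on future installs at the cost of breaking packages that need an install-time build.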