TanStack NPM Packages Compromised in Supply Chain Attack

Original: TanStack NPM Packages Compromised

Why This Matters

Major supply chain attack on popular JavaScript libraries threatens npm ecosystem security

TanStack Router project reports security incident affecting multiple npm package releases. The compromise appears to be part of a self-spreading supply chain attack dubbed 'Mini-Shai-Hulud' targeting the npm ecosystem, with investigation ongoing.

TanStack, the popular JavaScript library ecosystem, has disclosed a security incident affecting several of its npm package releases in GitHub issue #7383. The compromise appears to be part of a broader supply chain attack called 'Mini-Shai-Hulud' that is reportedly self-spreading throughout the npm ecosystem. The TanStack team is actively investigating the incident and has directed users to StepSecurity's blog post for detailed findings about the attack. TanStack Router, which has over 14,400 GitHub stars and is widely used in React applications, is among the affected packages. The incident highlights the continued exposure of the JavaScript package management ecosystem to supply chain attacks.

Source: github.com