TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages
Briefly

"TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages and published 84 malicious package versions in just six minutes, exposing developers and CI/CD systems to credential theft and malware propagation. The attack exploited a combination of GitHub Actions cache poisoning, unsafe pull_request_target workflows, and runtime token extraction to inject malicious code into the release pipeline without directly compromising npm credentials."
"According to TanStack, the incident occurred on May 11 between 19:20 and 19:26 UTC when attackers used poisoned GitHub Actions caches and workflow permissions to mint OpenID Connect (OIDC) tokens capable of publishing directly to npm. The malware targeted developer and CI environments, harvesting credentials from AWS, GCP, Kubernetes, Vault, GitHub, SSH keys, and npm configurations before exfiltrating them through an encrypted messaging infrastructure."
"The attack began a day earlier when an attacker created a renamed fork of the TanStack Router repository and opened a seemingly harmless pull request. Hidden within the pull request was a malicious payload that exploited GitHub Actions workflows configured with the dangerous pull_request_target pattern, allowing workflows to execute with elevated permissions across the fork-to-base trust boundary."
"By poisoning the shared GitHub Actions cache, the attacker ensured malicious artifacts would later be restored during legitimate release workflows on the main branch. Once maintainers merged unrelated pull requests into production, the compromised cache was loaded into the release pipeline, allowing malware to execute during test phases and directly publish malicious package versions to npm using trusted publishing tokens."
A supply-chain attack compromised 42 npm packages by publishing 84 malicious versions within six minutes. The incident used GitHub Actions cache poisoning and unsafe pull_request_target workflows to inject malicious code into release pipelines. Attackers minted OpenID Connect tokens that enabled direct publishing to npm during trusted release runs. Malware targeted developer and CI/CD environments, harvesting credentials from AWS, GCP, Kubernetes, Vault, GitHub, SSH keys, and npm configurations. Stolen data was exfiltrated through encrypted messaging infrastructure. The malicious packages also included self-propagation logic to compromise additional npm packages maintained by affected developers. The attack began with a renamed fork and a pull request containing a hidden payload that exploited elevated workflow permissions across trust boundaries.
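For defenders reviewing their own repositories, the following is an added example (not code from TanStack's postmortem or the InfoQ article): a heuristic Python check that flags workflow files combining the elements named above. The finding ids, the regexes, the sample workflows, and the assumption that the unsafe pattern involves checking out the pull request's head are all constructed for illustration.

```python
import re

# Line-based heuristics, not a YAML parser (assumption: stdlib only).
PRT = re.compile(r"\bpull_request_target\b")
HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|refs/pull/")
CACHE = re.compile(r"uses:\s*actions/cache(/(restore|save))?@")
OIDC = re.compile(r"id-token:\s*write")

def audit_workflow(text):
    """Return a sorted list of finding ids for one workflow file's text."""
    # Drop YAML comments so commented-out steps do not trigger findings.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    prt, cache = bool(PRT.search(body)), bool(CACHE.search(body))
    findings = set()
    if prt and HEAD_REF.search(body):
        findings.add("prt-checks-out-pr-head")   # fork code runs with base-repo privileges
    if prt and cache:
        findings.add("prt-uses-cache")           # fork-triggered run touches the Actions cache
    if OIDC.search(body) and cache:
        findings.add("oidc-job-restores-cache")  # publish-capable workflow trusts cached files
    return sorted(findings)

# Constructed sample workflows (hypothetical, not TanStack's files).
PR_WORKFLOW = """\
on: pull_request_target
jobs:
  check:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with: {path: node_modules, key: deps}
      - run: npm test
"""
RELEASE_WORKFLOW = """\
on: {push: {branches: [main]}}
permissions:
  id-token: write  # OIDC token for publishing
jobs:
  release:
    steps:
      - uses: actions/cache@v4
        with: {path: node_modules, key: deps}
      - run: npm test && npm publish
"""

if __name__ == "__main__":
    print(audit_workflow(PR_WORKFLOW), audit_workflow(RELEASE_WORKFLOW))
```

A finding is a prompt for manual review, not proof of exposure; the check does not resolve reusable workflows or per-job permissions.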
Read at InfoQ