Postmortem: TanStack npm supply-chain compromise | TanStack Blog
Briefly

"The malicious versions were detected publicly within 20 minutes by an external researcher ashishkurmi working for stepsecurity. All affected versions have been deprecated; npm security has been engaged to pull tarballs from the registry. We have no evidence of npm credentials being stolen, but we strongly recommend that anyone who installed an affected version on 2026-05-11 rotate AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials reachable from the install host."
An attacker published 84 malicious versions across 42 @tanstack/* npm packages by combining a pull_request_target “Pwn Request” pattern, GitHub Actions cache poisoning across the fork-to-base trust boundary, and runtime memory extraction of an OIDC token from the GitHub Actions runner process. No npm tokens were stolen and the npm publish workflow was not compromised. A researcher detected the activity within 20 minutes, and all affected versions were deprecated while npm security pulled the tarballs from the registry. Installing an affected version triggers resolution of a malicious optionalDependencies entry, fetches an orphan payload commit from the fork network, runs a prepare lifecycle script, and executes an obfuscated router_init.js included in the tarball. The script harvests AWS, GCP, Kubernetes, Vault, npm, GitHub, and SSH credentials and exfiltrates them over a file-upload network.
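The delivery chain summarized above (an optionalDependencies entry that resolves to a git commit rather than a registry tarball, followed by a lifecycle script at install time) leaves traces in the project's lockfile. The following audit script is an added example, not code from the TanStack postmortem or the TanStack project: it reads a package-lock.json (lockfileVersion 2 or 3 layout is assumed) and reports every dependency whose `resolved` URL points outside registry.npmjs.org, together with whether the entry is optional and whether the lockfile marks it as carrying install scripts. The sample lockfile, its package names and its commit hash are constructed for the demonstration; `@scope/lib-native`, `example-fork` and the hash placeholder are hypothetical.

```python
"""Audit a package-lock.json for dependencies resolved outside the npm registry.

Added example (not the TanStack project's code). Assumes lockfileVersion 2/3,
where every installed package appears under "packages" keyed by its
node_modules path. Sample data below is constructed.
"""
import json
from urllib.parse import urlparse

# Hosts that count as "the registry"; anything else (git+ssh, github:,
# codeload.github.com, a private mirror you do not expect) is reported.
REGISTRY_HOSTS = {"registry.npmjs.org"}


def resolved_outside_registry(resolved):
    """Return True when a lockfile 'resolved' value does not point at the npm registry."""
    if not resolved:
        # Entries without 'resolved' (links, bundled deps) are out of scope here.
        return False
    # git-style specifiers never come from the registry, whatever the host.
    if resolved.startswith(("git+", "git:", "github:")):
        return True
    return urlparse(resolved).hostname not in REGISTRY_HOSTS


def audit_lockfile(lockfile_text):
    """Return a list of findings for packages resolved from non-registry sources."""
    data = json.loads(lockfile_text)
    findings = []
    for path, entry in data.get("packages", {}).items():
        if path == "":
            continue  # the root project itself
        # Package name is the path segment after the last "node_modules/".
        name = entry.get("name") or path.rsplit("node_modules/", 1)[-1]
        resolved = entry.get("resolved", "")
        if resolved_outside_registry(resolved):
            findings.append({
                "package": name,
                "version": entry.get("version"),
                "resolved": resolved,
                # 'optional': true marks entries pulled in via optionalDependencies.
                "optional": bool(entry.get("optional")),
                # 'hasInstallScript' is set by npm when the package declares
                # preinstall/install/postinstall scripts. Note that a 'prepare'
                # script is run anyway when npm builds a git-sourced dependency,
                # so a git URL is a finding on its own.
                "has_install_scripts": bool(entry.get("hasInstallScript")),
            })
    return findings


# Constructed sample lockfile: one normal registry dependency that declares an
# optional dependency, which in turn resolves to a git commit on a fork.
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"@scope/lib": "^1.0.0"}},
        "node_modules/@scope/lib": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/@scope/lib/-/lib-1.0.0.tgz",
            "integrity": "sha512-PLACEHOLDER",
            "optionalDependencies": {"@scope/lib-native": "*"},
        },
        "node_modules/@scope/lib-native": {
            "version": "0.0.1",
            "resolved": "git+ssh://git@github.com/example-fork/lib.git"
                        "#0123456789abcdef0123456789abcdef01234567",
            "optional": True,
        },
        "node_modules/some-lib": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/some-lib/-/some-lib-2.0.0.tgz",
            "hasInstallScript": True,
        },
    },
})


if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCKFILE):
        flags = []
        if finding["optional"]:
            flags.append("optional")
        if finding["has_install_scripts"]:
            flags.append("install-scripts")
        print(f"{finding['package']}@{finding['version']} <- {finding['resolved']}"
              f" [{', '.join(flags) or 'no flags'}]")
```

Run it against a real lockfile by replacing `SAMPLE_LOCKFILE` with the file's contents; in CI, a non-empty findings list is a reasonable reason to fail the build until each non-registry source has been reviewed. The registry dependency that merely declares install scripts is deliberately not reported, since many legitimate native packages do that; the signal the incident above points to is a dependency whose source is a git commit rather than a registry tarball.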