Information security
fromtheregister
8 hours agoTanStack weighs invitation-only pull requests after supply chain attack
A GitHub Actions misconfiguration enabled a worm to poison shared cache and extract secrets, prompting TanStack to tighten CI and consider invitation-only PRs.