Malicious npm Package Brand-Squats TanStack, Exfiltrates Developer Secrets
Key Takeaways A malicious npm package, “tanstack”, was identified as a brand-squatting attempt against the legitimate TanStack library. The rogue package actively exfiltrated sensitive...
Key Takeaways
- A malicious npm package, “tanstack”, was identified as a brand-squatting attempt against the legitimate TanStack library.
- The rogue package actively exfiltrated sensitive developer environment variables, including API keys and database credentials, upon installation.
- Versions 2.0.4 through 2.0.7 of the unscoped “tanstack” package contained the data-stealing functionality.
- The attack highlights critical supply chain vulnerabilities and the importance of verifying package authenticity.
- Developers who installed affected versions must immediately uninstall the package, rotate all compromised secrets, and audit their project dependencies.
A sophisticated brand-squatting scheme on the npm registry has been uncovered, revealing a malicious package masquerading as the popular TanStack library. This imposter package was designed to covertly steal sensitive developer credentials and environment variables, posing a significant supply chain threat to unsuspecting developers.
Table Of Content
The malicious entity, published under the unscoped name “tanstack,” exploited a common developer oversight: failing to distinguish between official scoped packages (e.g., “@tanstack/*”) and similarly named, but unauthorized, counterparts. A comprehensive security report details the methodology and impact of this supply chain attack.
Attack Vector and Timeline
Once installed, the counterfeit “tanstack” package executed hidden scripts that immediately transmitted environment variable files to an attacker-controlled server. The package remained dormant on the npm registry for over a month before its maintainer, identified by the username “sh20raj,” initiated a series of rapid updates on April 29, 2026.
Within a mere 27-minute window, four new versions—2.0.4 through 2.0.7—were published. Each of these versions incorporated code specifically engineered to silently exfiltrate “.env” files from developers’ machines the moment the package was installed.
Analysts at Socket.dev detected the threat using their AI-powered automated systems, which flagged the suspicious post-installation behavior embedded within the package. A subsequent technical analysis confirmed that all four malicious versions utilized the same exfiltration infrastructure, indicating a deliberate and coordinated attack by a single actor.
Developer Impact and TanStack’s Response
The ramifications of this attack extend beyond a simple typographical error. Tanner Linsley, the creator of TanStack, confirmed to Socket researchers that the maintainer of the unscoped “tanstack” package has no affiliation with the official TanStack project. Linsley further revealed that TanStack has initiated legal proceedings, filing trademark infringement claims against the package’s maintainer. He also disclosed that the maintainer had previously attempted to extort $10,000 from him, and that repeated efforts by TanStack to prompt npm into action had been unsuccessful.
This incident underscores a critical, often overlooked, supply chain vulnerability. Developers searching for TanStack tools or copying installation commands from online resources could inadvertently install the malicious package. Any “.env”, “.env.local”, or “.env.production” file present in the project directory at the time of installation should be considered compromised, as these files frequently contain sensitive data such as API keys, database passwords, and authentication tokens vital for application security.
Postinstall Script: How the Attack Worked
The core of this sophisticated attack resided within the package’s postinstall scripts. When a developer executed “npm install,” a script automatically triggered, scanning the project’s root directory for environment variable files. A malicious function, deceptively named “collectEnvFiles(),” was responsible for gathering all files matching “.env” or “.env.*” patterns. These files were then compiled into a JSON payload and transmitted via an HTTPS POST request to an endpoint hosted on Svix, a third-party webhook delivery service under the attacker’s control.
To further obscure its true intent, the exfiltration function was given the innocuous name “sendReadme(),” making it appear to be routine telemetry. Version 2.0.6 exhibited the most aggressive behavior, scanning the entire installation directory for all “.env.*” variants and silently transmitting them without leaving any visible traces. Version 2.0.7 scaled back the scope slightly but critically commented out all console log calls, significantly increasing the difficulty for security tools to detect the malicious activity.
The attacker leveraged a Svix webhook source with the ID “src_3387PLMB2uhXOBe3Q8sHu” as a one-way data drop box. While anyone could post data to the public ingest URL, only the authenticated account holder could retrieve the incoming information, making forensic analysis challenging for defenders. The consistent use of this Svix source ID across all four malicious versions confirmed a single, deliberate attacker behind the operation.
What You Should Do
- Immediate Uninstallation: Developers who installed versions 2.0.4 through 2.0.7 of the unscoped “tanstack” package must uninstall it immediately.
- Secret Rotation: All API keys, tokens, database credentials, and any other sensitive information stored in affected “.env” files should be considered compromised and must be rotated or replaced without delay.
- Dependency Audit: Audit your
package.json,package-lock.json, andyarn.lockfiles for any references to the unscoped “tanstack” package and remove them. - Registry Deny Listing: Organizations should add the unscoped “tanstack” package to their internal registry deny lists to prevent future installations.
- Network Monitoring: Monitor outbound network traffic from developer machines, CI/CD pipelines, and container build environments for connections to
api.svix.com, specifically targeting the identified Svix Source ID (src_3387PLMB2uhXOBe3Q8sHu). - Verify Package Scopes: Always install TanStack packages using the official scoped format (e.g.,
@tanstack/react-query,@tanstack/table) to ensure authenticity and avoid falling victim to similar brand-squatting attacks.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.