Malicious npm Package Steals TanStack Developer Secrets
A recently identified malicious npm package has been found actively stealing sensitive developer credentials through a sophisticated brand squatting operation. This package was designed to impersonate the widely trusted TanStack library, covertly exfiltrating critical information from unsuspecting developers. The full scope of this supply chain attack is detailed in a comprehensive security report, which outlines the malicious package’s methodology and impact. For an
The package, published under the unscoped name “tanstack” on the npm registry, tricked developers into installing it instead of the legitimate “@tanstack/*” packages.
Once installed, it ran hidden scripts that sent environment variable files straight to an attacker-controlled server.
The malicious package had been sitting on npm for over a month before things turned dangerous. On April 29, 2026, the package’s maintainer, identified by the username “sh20raj,” began pushing four new versions in quick succession.
Versions 2.0.4 through 2.0.7 were all published within a 27-minute window, and each one carried code designed to quietly steal “.env” files from developers’ machines the moment the package was installed.
Analysts at Socket.dev identified the threat through automated AI-powered detection, flagging the malicious postinstall behavior embedded in the package.
A full technical analysis confirmed that all four versions shared the same exfiltration infrastructure, pointing to a single, deliberate actor behind the attack rather than a gradual or accidental compromise.
The impact of this attack stretches beyond a simple typo trap. Tanner Linsley, the creator of TanStack, confirmed to Socket researchers that the maintainer of the unscoped “tanstack” package has no connection to the official TanStack project.
Linsley revealed that TanStack has filed legal documents related to a pending trademark infringement claim against the package’s maintainer.
He also disclosed that the maintainer had previously demanded $10,000 from him, and that TanStack had made repeated attempts to get npm to take action, all without success.
This attack is a clear example of a serious supply chain threat that many developers tend to overlook. Anyone searching for TanStack tools or copying install commands from tutorials could easily install the wrong package without noticing.
Any “.env”, “.env.local”, or “.env.production” file present in the project folder at install time should be treated as fully compromised, since those files typically contain API keys, database passwords, and authentication tokens that are critical to application security.
Postinstall Script: How the Attack Worked
The core of this attack lived in the package’s postinstall scripts. When a developer ran “npm install”, the script triggered automatically and began scanning the project’s root directory for environment variable files.
The malicious function, named “collectEnvFiles()”, gathered every file matching “.env” or “.env.*” patterns and packaged them into a JSON payload. This payload was then sent via an HTTPS POST request to an endpoint hosted on Svix, a third-party webhook delivery service controlled by the attacker.
To hide its true purpose, the function was given an innocent-looking name, “sendReadme()”, which made it appear to be routine telemetry at first glance.
Version 2.0.6 was the most aggressive, scanning the entire install directory for all “.env.*” variants and sending them silently without leaving any visible trace.
Version 2.0.7 scaled back slightly but commented out all console log calls, making the behavior even harder for security tools to detect.
The attacker used a Svix webhook source with the ID “src_3387PLMB2uhXOBe3Q8sHu” as a one-way drop box for stolen data.
Anyone could post data to the public ingest URL, but only the authenticated account holder could read what came in, making it very difficult for defenders to check what had been stolen.
The same Svix source ID appeared across all four malicious versions, confirming all activity traced back to a single attacker.
Developers who installed versions 2.0.4 through 2.0.7 should uninstall the package and rotate all secrets right away.
Any API keys, tokens, or database credentials stored in affected “.env” files must be treated as fully compromised and replaced immediately.
Teams should audit their “package.json”, “package-lock.json”, and “yarn.lock” files for any reference to the unscoped “tanstack” package and remove it.
Organizations should also add the unscoped “tanstack” package to their registry deny lists and monitor outbound traffic to “api.svix.com” from developer machines, CI/CD pipelines, and container build environments.
Always install TanStack packages using the official “@tanstack/*” scoped format to avoid falling into similar traps.
IoCs:
| Field | Value |
|---|---|
| Malicious Packages | npm/tanstack@2.0.4, 2.0.5, 2.0.6, 2.0.7 |
| npm Author | sh20raj |
| Trigger Mechanism | postinstall npm lifecycle hook |
| Svix Source ID | src_3387PLMB2uhXOBe3Q8sHu |
| Exfiltration URL | hxxps://api[.]svix[.]com/ingest/api/v1/source/src_3387PLMB2uhXOBe3Q8sHu/ |