Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
281 Android VPN Apps Leak Sensitive Data, Transfer Data Unencrypted
July 11, 2026
Top 10 Unified Threat Management Solutions for 2026
July 11, 2026
Critical OpenClaw Vulnerability Lets Attackers Hijack WhatsApp Via One Message
July 11, 2026
Home/Threats/Malicious TanStack Package Steals Dev Files via Postinstall Script
Threats

Malicious TanStack Package Steals Dev Files via Postinstall Script

Key Takeaways A malicious npm package, “tanstack,” was discovered impersonating components of the legitimate TanStack project. The package contained a “postinstall” script...

Marcus Rodriguez
Marcus Rodriguez
May 4, 2026 4 Min Read
65 0

Key Takeaways

  • A malicious npm package, “tanstack,” was discovered impersonating components of the legitimate TanStack project.
  • The package contained a “postinstall” script designed to silently exfiltrate sensitive developer environment files upon installation.
  • Four malicious versions (2.0.4, 2.0.5, 2.0.6, 2.0.7) were published on April 29, 2026, over a 27-minute period, with version 2.0.6 being the most dangerous.
  • The attack leveraged typosquatting, targeting developers who might mistakenly install “tanstack” instead of scoped packages like “@tanstack/query.”
  • Developers who installed any of the malicious versions must immediately rotate all potentially compromised credentials, including AWS keys, GitHub tokens, and API keys.

Malicious npm Package “tanstack” Steals Developer Credentials

On April 29, 2026, a deceptive npm package masquerading as a component of the popular TanStack ecosystem was identified, actively engaged in stealing critical developer environment files. This fraudulent package was designed to automatically exfiltrate sensitive data the moment it was installed onto a developer’s system.

Table Of Content

  • Key Takeaways
  • Malicious npm Package “tanstack” Steals Developer Credentials
  • The Attack Window and Modus Operandi
  • Live Payload Iteration: Version 2.0.6’s Enhanced Threat
  • What You Should Do
  • Indicators of Compromise (IOCs)

The attacker registered the unscoped “tanstack” package name on npm, crafting it to appear as a legitimate “TanStackPlayer” video player SDK. Crucially, a credential-harvesting script was embedded within the package, configured to execute silently via a postinstall hook, ensuring no visible warnings during installation. Further details of the campaign and its impact were analyzed by Aikido researchers.

The Attack Window and Modus Operandi

The malicious activity unfolded rapidly over a mere 27-minute interval on April 29, 2026. Between 17:08 and 17:35 UTC, four distinct malicious versions of the package—2.0.4, 2.0.5, 2.0.6, and 2.0.7—were pushed to the npm registry in quick succession. Each of these versions included a “postinstall” hook, a mechanism that automatically triggers a script when a developer executes an npm install command.

Prior to this incident, version 2.0.3, released in March 2026, was clean and did not contain any such malicious hook. The package had garnered approximately 19,830 downloads in the month preceding the attack, creating a substantial pool of potential targets for the attacker.

The attackers did not need to compromise existing accounts or exploit vulnerabilities. Instead, they relied on a sophisticated form of typosquatting and social engineering. By registering a convincing package name and enhancing its README with sponsorship badges, download shields, feature comparison tables, and code examples, the package appeared legitimate enough to bypass casual scrutiny. This allowed the attacker to simply upload the malicious package, and npm’s installation process handled the rest.

The real TanStack organization, known for widely adopted libraries like TanStack Query (which sees around 8 million weekly downloads), had no association with this malicious package. The attacker capitalized on the fact that the unscoped “tanstack” name had been available since December 2024. This allowed them to exploit common developer typos; for instance, a developer inadvertently typing npm install tanstack instead of npm install @tanstack/query would unknowingly install the malicious package, instantly triggering credential theft.

Exfiltrated data was routed through Svix, a legitimate webhooks-as-a-service platform, to an attacker-controlled endpoint. This tactic allowed the attacker to bypass conventional network-level blocking mechanisms by leveraging a trusted third-party relay. The stolen payload included not only file contents but also system metadata such as Node.js version, platform, and architecture, providing attackers with immediately actionable information for subsequent targeted attacks.

Live Payload Iteration: Version 2.0.6’s Enhanced Threat

A notable aspect of this campaign was the attacker’s apparent real-time debugging and refinement of the payload across the four malicious versions:

  • Version 2.0.4: Initially targeted .env and .env.local files. A planned opt-out check was commented out, leaving no escape for compromised developers.
  • Version 2.0.5: Released just three minutes later, this version briefly shifted its focus to README.md and AGENTS.md, likely a test to confirm the webhook receiver’s functionality.
  • Version 2.0.6: Published at 17:26 UTC, this iteration proved to be the most dangerous. It abandoned specific file targeting in favor of a comprehensive directory sweep. A collectEnvFiles() function was implemented to gather every file starting with .env, encompassing critical files like .env.local, .env.production, .env.staging, and .env.development, consolidating them into a single POST request. All console output was suppressed, rendering the attack invisible to the victim.
  • Version 2.0.7: This final version reverted to targeting only .env and .env.local but notably included a self-referential dependency on version 2.0.6 within its package.json. This indicated the attacker was actively monitoring results and refining their payload in real-time while the package remained publicly available for installation.

The files typically targeted in such attacks often contain highly sensitive credentials, including AWS access keys, GitHub personal access tokens, npm publish tokens, database connection strings, API keys for services like Stripe, OpenAI, and Twilio, and OAuth client secrets. The exfiltration of any of these credentials can lead to severe consequences, such as full account takeover, extensive data breaches, or unauthorized consumption of cloud resources.

What You Should Do

Developers must act immediately to determine if they have been affected and to mitigate potential damage.

  • Check Lock Files: Promptly examine your project’s lock files (package-lock.json, yarn.lock, pnpm-lock.yaml) for any installation of the unscoped “tanstack” package, specifically versions 2.0.4 through 2.0.7. Use the following command:
    grep -r "tanstack" package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null
  • Assume Compromise and Rotate Credentials: If any affected version is found, assume all environment files present during the installation were compromised. Immediately rotate the following credentials:
    • AWS access keys and secrets (audit CloudTrail for any unauthorized API calls).
    • GitHub tokens with repository or organization scope.
    • npm tokens (revoke and reissue at npmjs.com/settings).
    • All database credentials stored in .env files.
    • Third-party API keys across all affected environment files (e.g., Stripe, OpenAI, Twilio).
  • CI/CD Environment Check: For CI pipeline environments, the postinstall script also executes during npm ci. Review CI provider job logs for the installation step. Rotate all secrets injected into that pipeline’s environment during the period of compromise.
  • Network Monitoring: Monitor outbound HTTPS traffic to api.svix.com in your network logs around the time of installation to help confirm whether data exfiltration occurred.

Indicators of Compromise (IOCs)

Version SHA256 Hash
[email protected] 72ec4571e27c06f1d48737477c2b38a4f90d699950dab8946b48591133dc4f90
[email protected] 04ee5325c8900c9d644ed81c9012525b6fc19f21c65cef85b6ba98b6a0a23566
[email protected] abc164807947b102164488a08161adb4ee08be6b78a371350a6b156eed0d97d9
[email protected] 7bb84e6ba893248814cd3bac70b7bdc115740fba9e13419940c73460cbcd7b6f

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachExploitVulnerability

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

New xlabs_v1 Botnet Targets Minecraft Servers via ADB-Exposed Android Devices

Next Post

New MicroStealer Malware Targets Telecom, Education Sectors

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Linux Kernel FUSE Vulnerability (CVE-2023-XXXX) Lets Attackers Gain Root Privileges
July 10, 2026
Critical GNU Guix Vulnerabilities Let Attackers Elevate Privileges
July 10, 2026
Critical Windows Shortcut Vulnerability Allows Remote Code Execution
July 10, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us