Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
EY Data Breach: Attackers Access IT Support, Download Documents
July 17, 2026
Ransomware Attack Halts Fairlife Production Across US
July 17, 2026
PentestCode AI Agent Automates Pen Testing with 18 Specialized Tools
July 17, 2026
Home/CyberSecurity News/Critical Supply Chain Attack on TanStack NPM Packages Exposes CI Credentials
CyberSecurity News

Critical Supply Chain Attack on TanStack NPM Packages Exposes CI Credentials

Key Takeaways A significant supply chain attack compromised 84 npm package artifacts within the popular TanStack ecosystem. The attack leveraged compromised CI credentials, specifically GitHub...

Emy Elsamnoudy
Emy Elsamnoudy
May 12, 2026 4 Min Read
46 0

Key Takeaways

  • A significant supply chain attack compromised 84 npm package artifacts within the popular TanStack ecosystem.
  • The attack leveraged compromised CI credentials, specifically GitHub Actions, to inject credential-stealing malware into widely used libraries.
  • The malicious payload is designed to exfiltrate sensitive credentials, including AWS, GCP, Kubernetes, HashiCorp Vault, GitHub tokens, and SSH keys.
  • All affected versions have been deprecated, and a fix is available by updating to clean versions and rotating credentials.

The TanStack development ecosystem, a widely adopted suite of JavaScript tools, has been hit by a critical supply chain attack affecting 84 npm package artifacts. This sophisticated compromise involved the infiltration of continuous integration (CI) systems, specifically GitHub Actions, leading to the publication of malicious versions of popular TanStack libraries containing credential-stealing malware.

Table Of Content

  • Key Takeaways
  • Attack Chain and GitHub Actions Abuse
  • What You Should Do

The incident, which saw malicious packages uploaded to the npm registry between approximately 19:20 and 19:26 UTC, poses a severe risk to countless downstream projects that integrate these tools. The payload specifically targeted CI environments, indicating an intent to harvest sensitive operational credentials.

According to research by Socket, the compromise affected 42 distinct TanStack packages, with two malicious versions published for each. Prominent libraries like @tanstack/react-router, which alone boasts over 12 million weekly downloads, were among those impacted. The extensive reach and transitive dependencies of these packages within the JavaScript ecosystem suggest a potentially massive blast radius for this attack.

The severity of this compromise is rated as HIGH. The injected malware is capable of exfiltrating a broad range of critical credentials, including those for AWS, GCP, Kubernetes, and HashiCorp Vault, alongside GitHub tokens, SSH keys, and the contents of .npmrc files.

Each compromised package version contained an illicitly added file named router_init.js, weighing in at approximately 2.3 MB. This file exhibited heavy obfuscation, consistent with the javascript-obfuscator tool. Its characteristics included string-array rotation, hex-encoded identifier lookups (e.g., _0x253b), control-flow flattening through while(!![]){} state machines, and the injection of dead code. This obfuscation technique clearly differentiates it from standard minifiers such as Terser or esbuild.

Functionally, the payload was designed for stealth and persistence. It featured spawn-based daemonization with a _DAEMONIZED re-entrancy guard to prevent multiple executions. It directly accessed GITHUB_* environment variables, including CI tokens and actor identities, to facilitate its operations. The malware also employed a temporary directory for staging, with a full read, write, and unlink lifecycle, and incorporated remote streaming and dispatch mechanisms to exfiltrate the collected secrets.

Attack Chain and GitHub Actions Abuse

The malicious package versions also introduced an optionalDependencies field in their package.json files, pointing to a suspicious standalone commit hash 79ac49eedf774dd4b0cfa308722bc463cfe5885c within the TanStack/router GitHub repository. This commit lacked parent history and solely introduced a package.json and a bundled tanstack_runner.js payload.

A critical element of this attack was the registration of a prepare lifecycle hook in the malicious package.json, executing bun run tanstack_runner.js && exit 1. This command ensured that arbitrary code would run automatically on developer workstations or CI runners during package installation.

TanStack’s own postmortem analysis revealed a sophisticated attack chain involving three distinct GitHub Actions abuse techniques. These included the pull_request_target “Pwn Request” pattern, GitHub Actions cache poisoning that exploited the fork-to-base trust boundary, and runtime memory extraction of an OpenID Connect (OIDC) token directly from the Actions runner process. Notably, no npm tokens were compromised in this incident.

Instead, the malicious publishers authenticated to npm via the project’s OIDC trusted-publisher binding. This was achieved after attacker-controlled code executed during the workflow’s test and cleanup phases, enabling the direct publication of the compromised packages to npm.

The malicious commit was attributed to a GitHub account named voicproducoes. Public repositories associated with this account include a project titled “A Mini Shai-Hulud has Appeared,” a phrase previously linked to large-scale npm malware campaigns, strongly suggesting an account takeover.

In response, TanStack has deprecated all 84 affected package versions, issuing a SECURITY warning, and has collaborated with npm security to remove the malicious tarballs from the registry. GitHub Actions cache entries related to the incident have been purged. Furthermore, hardening measures have been implemented, including restructuring the vulnerable workflow, adding repository-owner guards, and pinning third-party action references to enhance security.

What You Should Do

  • Any developer who installed a @tanstack/* package between approximately 19:20 and 19:30 UTC on the day of the attack should immediately consider their host potentially compromised.
  • Rotate all cloud, GitHub, and SSH credentials that may have been exposed through CI systems or local development environments.
  • Thoroughly audit cloud logs for any suspicious or unauthorized activity.
  • Reinstall all affected packages from a clean lockfile, ensuring they are pinned to known-good, non-malicious versions.
  • Check your package.json files for any @tanstack/* package versions containing "@tanstack/setup": "github:tanstack/router#79ac49ee..." in their optionalDependencies field; these should be considered malicious.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackMalwarePatchSecurity

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

Google Warns of AI-Generated Zero-Day Exploit in Real Attacks

Next Post

Critical CVE-2026-41940 lets attackers take over cPanel & WHM servers

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
ClickLock macOS Stealer Kills Apps, Forces Password Entry
July 17, 2026
Top 10 Identity Threat Detection and Response (ITDR) Solutions for 2026
July 17, 2026
GPT-5.6 Codex Bug Deletes Files From Home Directories
July 17, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us