npm Supply Chain Vulnerability: TanStack Package Contamination with Malware

May 12, 2026 · 1 source · 1 region

Supply chain security breach: malicious actors pushed 84 poisoned versions of TanStack npm packages in a six-minute window, containing credential theft and disk-wiping code. The incident highlights ongoing vulnerability of the npm ecosystem to coordinated package contamination attacks.

Sources

Cache-poisoning caper turns TanStack npm packages toxic The Register · Global

← Back to this edition