Four published versions of a fake "tanstack" package uploaded in 27 minutes that want to steal your .env files
An attacker registered the unscoped 'tanstack' name on npm and published four malicious versions (2.0.4-2.0.7) within 27 minutes on April 29, 2026. These packages contained postinstall hooks that automatically exfiltrated environment files containing sensitive credentials when developers ran npm install. The attacker exploited name confusion with the legitimate @tanstack organization, which publishes widely-used JavaScript libraries. The malicious code targeted .env files, stealing AWS keys, API tokens, database credentials, and OAuth secrets by sending them to an attacker-controlled Svix webhook endpoint. Version 2.0.6 was particularly dangerous, sweeping all .env variants in the working directory. The version history reveals live debugging by the attacker, who iteratively refined the payload targeting and stealth capabilities while the package remained publicly available with approximately 19,830 monthly downloads.
AI Analysis
Technical Summary
An attacker registered the unscoped 'tanstack' package name on npm and rapidly published four malicious versions containing postinstall scripts designed to steal environment files (.env) from developers' systems. These scripts exfiltrated sensitive credentials to an attacker-controlled Svix webhook endpoint. The campaign exploited name confusion with the legitimate @tanstack organization, a known publisher of popular JavaScript libraries. The attacker actively debugged and improved the payload during the brief window the packages were available, increasing the scope of stolen data. This represents a supply chain attack via package squatting and abuse of npm postinstall hooks.
Potential Impact
If developers installed these malicious packages, their local environment files containing sensitive credentials (AWS keys, API tokens, database credentials, OAuth secrets) could have been exfiltrated to an attacker-controlled endpoint. This could lead to credential compromise and potential unauthorized access to cloud resources and services. The attack leverages supply chain trust and developer workflows, increasing the risk of widespread credential leakage. No known active exploitation in the wild has been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Developers should verify that they have not installed any unscoped 'tanstack' packages, especially versions 2.0.4 through 2.0.7. Remove any such packages and rotate any potentially exposed credentials found in .env files. Use scoped package names (@tanstack) to avoid confusion and consider implementing package integrity verification. Monitor npm advisories and official @tanstack communications for updates.
Indicators of Compromise
- hash: 04ee5325c8900c9d644ed81c9012525b6fc19f21c65cef85b6ba98b6a0a23566
- hash: 72ec4571e27c06f1d48737477c2b38a4f90d699950dab8946b48591133dc4f90
- hash: 7bb84e6ba893248814cd3bac70b7bdc115740fba9e13419940c73460cbcd7b6f
- hash: abc164807947b102164488a08161adb4ee08be6b78a371350a6b156eed0d97d9
- url: https://api.svix.com/ingest/api/v1/source/src_3387PLMB2uhXOBe3Q8sHu/in/3j2jokvbaF4WWdngv8zBbk
Four published versions of a fake "tanstack" package uploaded in 27 minutes that want to steal your .env files
Description
An attacker registered the unscoped 'tanstack' name on npm and published four malicious versions (2.0.4-2.0.7) within 27 minutes on April 29, 2026. These packages contained postinstall hooks that automatically exfiltrated environment files containing sensitive credentials when developers ran npm install. The attacker exploited name confusion with the legitimate @tanstack organization, which publishes widely-used JavaScript libraries. The malicious code targeted .env files, stealing AWS keys, API tokens, database credentials, and OAuth secrets by sending them to an attacker-controlled Svix webhook endpoint. Version 2.0.6 was particularly dangerous, sweeping all .env variants in the working directory. The version history reveals live debugging by the attacker, who iteratively refined the payload targeting and stealth capabilities while the package remained publicly available with approximately 19,830 monthly downloads.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
An attacker registered the unscoped 'tanstack' package name on npm and rapidly published four malicious versions containing postinstall scripts designed to steal environment files (.env) from developers' systems. These scripts exfiltrated sensitive credentials to an attacker-controlled Svix webhook endpoint. The campaign exploited name confusion with the legitimate @tanstack organization, a known publisher of popular JavaScript libraries. The attacker actively debugged and improved the payload during the brief window the packages were available, increasing the scope of stolen data. This represents a supply chain attack via package squatting and abuse of npm postinstall hooks.
Potential Impact
If developers installed these malicious packages, their local environment files containing sensitive credentials (AWS keys, API tokens, database credentials, OAuth secrets) could have been exfiltrated to an attacker-controlled endpoint. This could lead to credential compromise and potential unauthorized access to cloud resources and services. The attack leverages supply chain trust and developer workflows, increasing the risk of widespread credential leakage. No known active exploitation in the wild has been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Developers should verify that they have not installed any unscoped 'tanstack' packages, especially versions 2.0.4 through 2.0.7. Remove any such packages and rotate any potentially exposed credentials found in .env files. Use scoped package names (@tanstack) to avoid confusion and consider implementing package integrity verification. Monitor npm advisories and official @tanstack communications for updates.
Technical Details
- Author
- AlienVault
- Tlp
- white
- References
- ["https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files"]
- Adversary
- null
- Pulse Id
- 69f9fed3a3c5ca9c78a875a9
- Threat Score
- null
Indicators of Compromise
Hash
| Value | Description | Copy |
|---|---|---|
hash04ee5325c8900c9d644ed81c9012525b6fc19f21c65cef85b6ba98b6a0a23566 | — | |
hash72ec4571e27c06f1d48737477c2b38a4f90d699950dab8946b48591133dc4f90 | — | |
hash7bb84e6ba893248814cd3bac70b7bdc115740fba9e13419940c73460cbcd7b6f | — | |
hashabc164807947b102164488a08161adb4ee08be6b78a371350a6b156eed0d97d9 | — |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://api.svix.com/ingest/api/v1/source/src_3387PLMB2uhXOBe3Q8sHu/in/3j2jokvbaF4WWdngv8zBbk | — |
Threat ID: 69fa1914cbff5d86100ff335
Added to database: 5/5/2026, 4:21:40 PM
Last enriched: 5/5/2026, 4:39:00 PM
Last updated: 5/6/2026, 3:55:00 AM
Views: 62
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.