TanStack npm Packages Compromised in Ongoing Supply-Chain Attack
Multiple TanStack npm packages were compromised in a supply-chain attack involving credential-stealing malware targeting CI systems, especially GitHub Actions. The malicious packages, including widely used ones like @tanstack/react-router, contained heavily obfuscated code capable of daemonization and accessing environment variables to steal secrets. The attackers exploited GitHub Actions cache poisoning and pull_request_target workflows to extract OIDC tokens, enabling unauthorized npm package publishing. The malware harvests credentials from GitHub Actions, AWS services, HashiCorp Vault, and Kubernetes, establishing persistence in developer environments and exfiltrating data via a decentralized P2P network. The campaign also includes self-propagation mechanisms to further spread the compromise. No official patch or remediation guidance is currently provided in the available data.
AI Analysis
Technical Summary
This threat involves a supply-chain attack on TanStack npm packages where attackers injected credential-stealing malware into 84 package artifacts. The malware includes a file named router_init.js with obfuscation and daemonization features, targeting CI/CD environments like GitHub Actions. Attackers leveraged GitHub Actions cache poisoning and pull_request_target patterns to steal OIDC tokens, which were then used to authenticate malicious npm publishes through trusted-publisher bindings. The malware collects credentials from multiple sources including GitHub Actions secrets, AWS IMDS, Secrets Manager, SSM, HashiCorp Vault, and Kubernetes, and persists in developer tools directories. Data exfiltration occurs via Session's decentralized P2P network. The campaign is ongoing and expanding, with self-propagation capabilities that steal npm OIDC tokens and republish compromised packages autonomously. No CVE or patch information is available, and no known exploits in the wild are reported.
Potential Impact
The compromise affects widely used npm packages with millions of weekly downloads, potentially exposing numerous CI/CD pipelines and developer environments to credential theft. Stolen credentials include GitHub Actions secrets and cloud service tokens, which could lead to unauthorized access to cloud resources and further compromise. The malware's persistence in developer tools and autonomous republishing capabilities increase the risk of widespread supply-chain contamination. However, no confirmed active exploitation in the wild has been reported yet.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until official fixes or guidance are available, organizations should audit their CI/CD workflows for suspicious activity, especially GitHub Actions workflows using pull_request_target and cache features. Review and rotate potentially exposed secrets and tokens. Monitor for unusual npm package versions and consider using package integrity verification. Avoid trusting npm packages without verifying their provenance during this ongoing campaign.
Indicators of Compromise
- domain: git-tanstack.com
- url: https://git-tanstack.com/transformers.pyz
Technical Details
- Author: AlienVault
- TLP: white
- References: https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
- Adversary: TeamPCP
- Pulse ID: 6a033148e786c959261ff66f
- Threat Score: null
Threat ID: 6a035a94cbff5d8610036a57
Added to database: 5/12/2026, 4:51:32 PM
Last enriched: 5/12/2026, 5:06:32 PM
Last updated: 5/13/2026, 1:01:53 AM