Postmortem: TanStack npm supply-chain compromise

On May 11, 2026, between 19:20 and 19:26 UTC, attackers published 84 malicious versions across 42 TanStack npm packages, exploiting vulnerabilities in GitHub Actions workflows and cache poisoning techniques. The breach was detected swiftly by an external researcher, and affected versions have been deprecated. No npm credentials were stolen, but users are advised to rotate related credentials.

The attack involved a sophisticated chain of exploits, including the creation of a malicious fork of TanStack/router, leveraging the pull_request_target workflow, and executing a payload during npm install. The payload, a ~2.3 MB obfuscated script, harvested credentials from cloud providers, secrets managers, and local configuration files, and exfiltrated data over encrypted channels. The malicious code also propagated to other packages maintained by the victims, re-publishing them with injected payloads.

The malicious versions were published during two separate npm publish events at approximately 19:20 and 19:26 UTC, using an OIDC token obtained via compromised GitHub Actions workflows. The breach was detected within 20 minutes by researcher ashishkurmi, leading to immediate deprecation of affected versions and engagement of npm security teams to remove the malicious tarballs from the registry.

Why It Matters

This incident underscores the risks associated with supply-chain attacks leveraging CI/CD pipelines and automation workflows. The malicious code’s ability to harvest sensitive credentials from cloud environments and exfiltrate data highlights potential for severe security breaches, including unauthorized access to cloud resources and further compromise of affected organizations.

For developers and organizations using TanStack packages, this incident emphasizes the importance of monitoring for compromised dependencies and rotating secrets following supply-chain incidents. It also raises awareness of vulnerabilities in automated workflows that can be exploited to insert malicious code.

IoT Supply Chain Security Risk Analysis and Mitigation: Modeling, Computations, and Software Tools (SpringerBriefs in Computer Science)

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background

Supply-chain attacks via package registries have become increasingly common, with recent incidents exploiting CI/CD systems to inject malicious code. On May 10, 2026, the attacker created a fork of TanStack/router and staged malicious commits, culminating in the publication of harmful package versions on May 11. The attack exploited the pull_request_target workflow, which bypasses certain security restrictions, allowing the malicious payload to run during the package publishing process.

This event follows a pattern of recent supply-chain compromises, where attackers leverage automation tools and trust boundaries within CI/CD pipelines to distribute malicious code rapidly across multiple packages. The incident reveals vulnerabilities in workflow permissions and highlights the need for stricter security controls in automated release processes.

“We have no evidence of npm credentials being stolen, but we strongly recommend rotating all related credentials after the incident.”

— Tanner Linsley, TanStack

“The malicious versions were detected within 20 minutes, allowing us to act quickly and mitigate further impact.”

— ashishkurmi, researcher at stepsecurity

“We are actively investigating the breach and have removed the malicious packages from the registry.”

— npm security team

SSL, Keys & Secrets Compliance Made Simple: Practical Guide to Lifecycle Controls, Logs & Compliance for DORA, NIS2 & ISO 27001 (IT Made Simple Series)

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What Remains Unclear

It remains unclear how the attacker initially gained access to the GitHub workflows or whether other packages or ecosystems were affected beyond the publicly disclosed TanStack packages. The full scope of compromised credentials and the potential for further malicious activity are still under investigation.

Automating DevOps with GitLab CI/CD Pipelines: Build efficient CI/CD pipelines to verify, secure, and deploy your code using real-life examples

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What’s Next

npm security teams and affected organizations will continue monitoring for similar exploits, review workflow permissions, and implement stricter security measures. Further updates are expected as the investigation progresses, including potential advisories and recommendations for securing CI/CD pipelines against future supply-chain attacks.

Key Questions

Were any npm credentials stolen during the attack?

According to TanStack and npm security, there is no evidence that npm credentials were stolen. The attack exploited workflow permissions and cache poisoning to publish malicious packages.

What should affected users do now?

Users who installed affected versions on May 11, 2026, should rotate all related credentials, including cloud access tokens, secrets, and SSH keys, and review their security policies for CI/CD pipelines.

How did the attacker manage to publish malicious package versions?

The attacker exploited the pull_request_target workflow, which allows code to run with elevated permissions during pull request events, combined with cache poisoning and runtime memory extraction of OIDC tokens to authenticate malicious publishes.

Is this incident likely to happen again?

While security measures are being reinforced, supply-chain attacks exploiting CI/CD pipelines remain a significant risk. Organizations should review and tighten permissions, monitor dependencies, and implement secret rotation policies.