The popular TanStack library used by thousands of JavaScript projects was compromised in a sophisticated supply chain attack, with malicious code published to npm that could harvest credentials from developer machines. The incident highlights continuing vulnerabilities in the open-source ecosystem's distribution infrastructure - and demonstrates why package manager security remains an unsolved problem.

On May 11, 2026, attackers published 84 malicious versions across 42 @tanstack/* npm packages by chaining three vulnerabilities together. According to TanStack's detailed postmortem, the attack exploited a workflow misconfiguration, GitHub Actions cache poisoning, and OIDC token extraction to bypass security controls and gain publishing access.

The attack vector was elegant and terrifying. The TanStack repository used a <code>pull_request_target</code> workflow that allowed fork code to execute with base repository permissions. Attackers submitted a malicious PR, poisoned the GitHub Actions cache with compromised dependencies, and then extracted OIDC authentication tokens directly from the runner's memory when the legitimate release workflow executed.

Supply chain attacks on npm keep happening despite years of warnings. TanStack is used by major projects across the JavaScript ecosystem, meaning this compromise could have had widespread impact. Anyone who installed affected versions during the attack window needs to rotate AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials reachable from their development machines.

External researcher Ashish Kurmi from StepSecurity detected the compromise within 20 minutes of publication, identifying the malicious <code>optionalDependencies</code> fingerprint pointing to a 2.3MB obfuscated payload. The malware harvested credentials from environment variables, configuration files, and cloud metadata services - essentially everything accessible to a Node.js process during package installation.

The response was swift: TanStack deprecated all 84 affected versions, purged GitHub Actions caches, and restructured workflows with repository ownership guards and pinned action references. But the fundamental vulnerability remains across the ecosystem. The npm trust model assumes package maintainers are who they claim to be and that their publishing environments are secure.