Active Supply Chain Attack Hits 84 @tanstack npm Packages
Source: Socprime
Published:
Socket researchers uncovered a supply-chain compromise impacting 84 npm packages published under the @tanstack namespace. The malicious updates introduced a heavily obfuscated JavaScript file designed to steal CI-related secrets from GitHub Actions, AWS, HashiCorp Vault, and Kubernetes environmen