TanStack npm Supply Chain Attack: Detailed Analysis of the May 2026 GitHub Actions ...
Source: Rescana
Published:
<p>On May 11, 2026, a critical supply chain attack targeted the TanStack open-source project via a sophisticated breach of its GitHub repository and npm package publishing pipeline. The incident, attributed to the threat group TeamPCP , exploited a chain of vulnerabilities in GitHub Actions workflow